Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1525240
MD5: 0163b7a3440c77002573170f654d4b6b
SHA1: d1e11e83e8e8877aac2e94355d8e8574fa5fc3c6
SHA256: 5f519644f642667d8ddef15add1564654aaab332312150f0ad47ede838164ca4
Tags: exe, user-Bitsight
Infos:

Detection

Credential Flusher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7304 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0163B7A3440C77002573170F654D4B6B)
    • taskkill.exe (PID: 7320 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7384 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7460 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7524 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7588 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 7688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7304 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.9% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49767 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:55098 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55099 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55286 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55335 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55348 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0039DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0039DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A68EE FindFirstFileW,FindClose,0_2_003A68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_003A698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0039D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0039D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0039D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0039D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003A9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_003A979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_003A9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003A5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_003A5C97
    Source: global traffic | TCP traffic: 192.168.2.4:55093 -> 1.1.1.1:53
    Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_003ACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_003ACE44
    Source: global traffic | HTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
        Host: youtube.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
        Host: www.youtube.com
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
    Source: global traffic | HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1617021717&timestamp=1727990170581 HTTP/1.1
        Host: accounts.youtube.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-full-version: "117.0.5938.132"
        sec-ch-ua-arch: "x86"
        sec-ch-ua-platform: "Windows"
        sec-ch-ua-platform-version: "10.0.0"
        sec-ch-ua-model: ""
        sec-ch-ua-bitness: "64"
        sec-ch-ua-wow64: ?0
        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: iframe
        Referer: https://accounts.google.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-arch: "x86"
        sec-ch-ua-full-version: "117.0.5938.132"
        sec-ch-ua-platform-version: "10.0.0"
        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
        sec-ch-ua-bitness: "64"
        sec-ch-ua-model: ""
        sec-ch-ua-wow64: ?0
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: same-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://accounts.google.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Cookie: NID=518=effH-MAavmEajXTNwQaVj84GSpcQHl-UyvhuEud0447UNarlXm5Z_48zC9k_-bJc4fs595mLDvX_qTuLEyDMBjNrL4jwDS9Bzf0gOiQYSazZs_xVqUl3U0g7q2svakZ-JTan0KwfWPNXMEzRRml96pic5gGAj8Li5VAOkjFgYUZ7yPdDl2A
    Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1bfgFNpEhAmKPVg&MD=tNSnbSPb HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1bfgFNpEhAmKPVg&MD=tNSnbSPb HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: chromecache_155.13.dr, String found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
    Source: global traffic, DNS traffic detected: DNS query: youtube.com
    Source: global traffic, DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic, DNS traffic detected: DNS query: www.google.com
    Source: global traffic, DNS traffic detected: DNS query: accounts.youtube.com
    Source: global traffic, DNS traffic detected: DNS query: play.google.com
    Source: unknown, HTTP traffic detected:
        POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
        Host: play.google.com
        Connection: keep-alive
        Content-Length: 519
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-arch: "x86"
        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
        sec-ch-ua-full-version: "117.0.5938.132"
        sec-ch-ua-platform-version: "10.0.0"
        X-Goog-AuthUser: 0
        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
        sec-ch-ua-bitness: "64"
        sec-ch-ua-model: ""
        sec-ch-ua-wow64: ?0
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Origin: https://accounts.google.com
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: same-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Referer: https://accounts.google.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
    Source: chromecache_146.13.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
    Source: chromecache_155.13.drString found in binary or memory: https://support.google.com/accounts?hl=
    Source: chromecache_155.13.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
    Source: chromecache_155.13.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
    Source: chromecache_146.13.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
    Source: chromecache_155.13.drString found in binary or memory: https://www.google.com
    Source: chromecache_155.13.drString found in binary or memory: https://www.google.com/intl/
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
    Source: chromecache_146.13.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
    Source: chromecache_155.13.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
    Source: chromecache_155.13.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
    Source: file.exe, 00000000.00000003.1701361249.00000000005A4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: file.exe, 00000000.00000002.2925339253.0000000000D90000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdsoft.wi
    Source: unknownNetwork traffic detected: HTTP traffic on port 55256 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 55212 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknownNetwork traffic detected: HTTP traffic on port 55098 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55168
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55289
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55169
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55175
    Source: unknownNetwork traffic detected: HTTP traffic on port 55245 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55296
    Source: unknownNetwork traffic detected: HTTP traffic on port 55328 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55176
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55297
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55177
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55298
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55178
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55299
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55171
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55292
    Source: unknownNetwork traffic detected: HTTP traffic on port 55350 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55172
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55293
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55173
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55294
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55174
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55295
    Source: unknownNetwork traffic detected: HTTP traffic on port 55305 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55129 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55290
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55170
    Source: unknownNetwork traffic detected: HTTP traffic on port 55180 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55291
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 55257 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55234 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55339 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55179
    Source: unknownNetwork traffic detected: HTTP traffic on port 55152 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55186
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55187
    Source: unknownNetwork traffic detected: HTTP traffic on port 55268 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55188
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55189
    Source: unknownNetwork traffic detected: HTTP traffic on port 55223 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55182
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55183
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55184
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55185
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55180
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55181
    Source: unknownNetwork traffic detected: HTTP traffic on port 55141 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55107 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 55208 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55289 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55300 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55266 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55243 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55220 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55163 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55140 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55232 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55312 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55192 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55358 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55323 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55277 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55181 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55105 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55290 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55369 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55151 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55193 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55170 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55357 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55219 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55139 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55301 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55324 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55278 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55106 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55255 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
    Source: unknownNetwork traffic detected: HTTP traffic on port 55335 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55099 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55117 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55162 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55244 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55346 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55128 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55210 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55313 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55359 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55336 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55371 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55276 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55299 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55182 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55104 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55127 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55253 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55150 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55288 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55171 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55242 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55115 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55221 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55302 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55348 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55149 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55231 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55287 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55116 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55161 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55347 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55209 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55194 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55314 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55370 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55265 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55138 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55183 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55325 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55254 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55172 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55195 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55114 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55217 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55125 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55102 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55366 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55320 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55263 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55355 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55252 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55298 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55160 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55126 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55321 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55241 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55264 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55354 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55297 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55184 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55309 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55148 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55173 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55205 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55230 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55343 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55286 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55332 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55159 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55275 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55216 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55103 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55101 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55147 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55285 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55262 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55333 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55310 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55345 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55368 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55207 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55136 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55112 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55185 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55273 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55218 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55239 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55174 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55206 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55344 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55197 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55334 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55229 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55113 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55158 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55251 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55146 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55274 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55169 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55322 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55240 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55356 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55135 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55296 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55311 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55367 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55124 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55317 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55106
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55227
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55348
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55107
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55228
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55349
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55108
    Source: unknownNetwork traffic detected: HTTP traffic on port 55157 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55229
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55109
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55223
    Source: unknownNetwork traffic detected: HTTP traffic on port 55134 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55102
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55344
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55224
    Source: unknownNetwork traffic detected: HTTP traffic on port 55111 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55103
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55345
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55104
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55225
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55346
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55105
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55226
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55347
    Source: unknownNetwork traffic detected: HTTP traffic on port 55186 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55230
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55351
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55110
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55231
    Source: unknownNetwork traffic detected: HTTP traffic on port 55352 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55352
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55111
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55232
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55353
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55112
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55233
    Source: unknownNetwork traffic detected: HTTP traffic on port 55295 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55354
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55350
    Source: unknownNetwork traffic detected: HTTP traffic on port 55272 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55341 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55175 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55117
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55238
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55359
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55118
    Source: unknownNetwork traffic detected: HTTP traffic on port 55203 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55239
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55119
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55113
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55234
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55355
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55114
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55235
    Source: unknownNetwork traffic detected: HTTP traffic on port 55284 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55356
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55115
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55236
    Source: unknownNetwork traffic detected: HTTP traffic on port 55249 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55357
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55116
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55237
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55358
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55120
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55241
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55362
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55121
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55242
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55363
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55122
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55243
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55364
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55123
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55244
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55365
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55360
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55240
    Source: unknownNetwork traffic detected: HTTP traffic on port 55306 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55361
    Source: unknownNetwork traffic detected: HTTP traffic on port 55168 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55122 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55283 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55363 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55340 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55128
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55249
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55129
    Source: unknownNetwork traffic detected: HTTP traffic on port 55202 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55225 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55124
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55245
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55366
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55125
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55246
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55367
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55126
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55247
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55368
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55127
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55248
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55369
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55131
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55252
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55132
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55253
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55133
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55254
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55134
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55255
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55370
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55250
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55371
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55130
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55251
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55372
    Source: unknownNetwork traffic detected: HTTP traffic on port 55238 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55123 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55198 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55100 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55318 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55139
    Source: unknownNetwork traffic detected: HTTP traffic on port 55156 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55135
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55256
    Source: unknownNetwork traffic detected: HTTP traffic on port 55261 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55136
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55257
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55258
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55138
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55259
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55142
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55263
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55143
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55264
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55144
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55265
    Source: unknownNetwork traffic detected: HTTP traffic on port 55329 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55145
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55266
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55260
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55140
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55261
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55141
    Source: unknownNetwork traffic detected: HTTP traffic on port 55187 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55262
    Source: unknownNetwork traffic detected: HTTP traffic on port 55145 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55250 -> 443
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49767 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:55098 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55099 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55286 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55335 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:55348 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_003AEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003AED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_003AED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0039AA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_003C9576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_05e2c3b0-d
    Source: file.exe, 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_7d719593-2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0039D5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00391201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00391201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0039E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0039E8F6
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0034F9F2 appears 31 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00350A30 appears 46 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal64.troj.evad.winEXE@51/30@12/8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A37B5 GetLastError,FormatMessageW,0_2_003A37B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003910BF AdjustTokenPrivileges,CloseHandle,0_2_003910BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_003916C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_003A51CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003BA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_003BA67C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003A648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_003A648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_003342A2
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7328:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7532:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
    Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_003342DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00350A76 push ecx; ret 0_2_00350A89
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0034F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0034F98E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003C1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_003C1C41
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96045
    Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 7150
    Source: C:\Users\user\Desktop\file.exeWindow / User API: foregroundWindowGot 1775
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.3 %
    Source: C:\Users\user\Desktop\file.exe TID: 7308Thread sleep time: -71500s >= -30000s
    Source: C:\Users\user\Desktop\file.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\file.exeThread sleep count: Count: 7150 delay: -10
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0039DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A68EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0039D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0039D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A5C97 FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: C:\Users\user\Desktop\file.exe, Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003AEAA2 BlockInput
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00362622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00354CE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00390B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Windows\SysWOW64\taskkill.exe, Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0035083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003509D5 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00350C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00391201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00372BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0039B226 SendInput,keybd_event
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003B22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
    Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe, Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00391663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
    Source: file.exe, Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe, Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00350698 cpuid
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003A8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0038D27A GetUserNameW
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0036BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: file.exe PID: 7304, type: MEMORYSTR
    Source: file.exe, Binary or memory string: WIN_81
    Source: file.exe, Binary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe, Binary or memory string: WIN_XPe
    Source: file.exe, Binary or memory string: WIN_VISTA
    Source: file.exe, Binary or memory string: WIN_7
    Source: file.exe, Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: file.exe PID: 7304, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003B1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
    Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_003B1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket

    [MITRE ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
    [Behavior graph. ID: 1525240, Sample: file.exe, Start date: 03/10/2024, Architecture: WINDOWS, Score: 64]

    Source    Detection  Scanner         Label  Link
    file.exe  100%       Joe Sandbox ML
    No Antivirus matches
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1525240
    Start date and time: 2024-10-03 23:15:06 +02:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 4m 58s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 21
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: file.exe
    Detection: MAL
    Classification: mal64.troj.evad.winEXE@51/30@12/8
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 96%
    • Number of executed functions: 37
    • Number of non-executed functions: 315
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.110, 64.233.167.84, 34.104.35.123, 142.250.185.195, 142.250.186.106, 142.250.185.202, 172.217.18.10, 142.250.186.42, 142.250.181.234, 142.250.185.106, 142.250.186.170, 142.250.186.74, 142.250.184.234, 142.250.185.234, 142.250.74.202, 216.58.206.42, 172.217.16.202, 142.250.184.202, 142.250.185.170, 142.250.185.138, 142.250.186.138, 142.250.185.74, 216.58.206.74, 172.217.23.106, 93.184.221.240, 192.229.221.95, 142.250.74.195, 74.125.133.84, 216.58.212.174
    • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
    • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
    • Not all processes were analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    • VT rate limit hit for: file.exe
    No simulations
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (681)
                                                        Category:downloaded
                                                        Size (bytes):4066
                                                        Entropy (8bit):5.369564168658135
                                                        Encrypted:false
                                                        SSDEEP:96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoT4w:3mTOImedWOVF6vtUJyA8xJt
                                                        MD5:4D3D9750CA5EB8A7D20993397BC5A6B8
                                                        SHA1:DDB05A2C8AB1FD4537EEB2433BDF507CEE8CB8D2
                                                        SHA-256:FCD1C642992A0BAF9038B3710DA080282AF0C80C113E1CE8F984F8143A2B2B32
                                                        SHA-512:482DD926971FACA341058B35D333CEF64EAC460FC29B0B17AF5CD515253BCE973BBCAABADE3C4D125E07DE3BC75DE52059D5B229C44C5F95A30B845651EF64CA
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (1694)
                                                        Category:downloaded
                                                        Size (bytes):32500
                                                        Entropy (8bit):5.378121087555083
                                                        Encrypted:false
                                                        SSDEEP:768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
                                                        MD5:57D7B0A2CE36496F05AFA27B39C1F219
                                                        SHA1:418AD03C2E75AEAF188E2A00123B70E09D541656
                                                        SHA-256:E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
                                                        SHA-512:78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (570)
                                                        Category:downloaded
                                                        Size (bytes):3467
                                                        Entropy (8bit):5.508385764606741
                                                        Encrypted:false
                                                        SSDEEP:96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
                                                        MD5:231ABD6E6C360E709640B399EDF85476
                                                        SHA1:6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
                                                        SHA-256:44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
                                                        SHA-512:D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (683)
                                                        Category:downloaded
                                                        Size (bytes):3131
                                                        Entropy (8bit):5.352056237104327
                                                        Encrypted:false
                                                        SSDEEP:48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
                                                        MD5:ADEF03127F74F5E6742B8CFA7B863F28
                                                        SHA1:58D7C635582AF10E91EC047FD315FAF758AF51DA
                                                        SHA-256:5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
                                                        SHA-512:3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (533)
                                                        Category:downloaded
                                                        Size (bytes):9210
                                                        Entropy (8bit):5.393248075042016
                                                        Encrypted:false
                                                        SSDEEP:192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
                                                        MD5:2ED5BC88509286438B682EFF23518005
                                                        SHA1:D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
                                                        SHA-256:F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
                                                        SHA-512:12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (553)
                                                        Category:downloaded
                                                        Size (bytes):744316
                                                        Entropy (8bit):5.792609563905897
                                                        Encrypted:false
                                                        SSDEEP:6144:h5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguaH:5OeKGSpguA
                                                        MD5:E5DFAA54FA9E49582769745439A0B809
                                                        SHA1:A5BA6F69DA4C2D684DF9A6E5EFAF91CDEDC9DFBA
                                                        SHA-256:FC7077701258AA0159E2A90714C0245E556F60F36F73574515C5E12B02CBDDD2
                                                        SHA-512:EF0BE7B81E43B2E899769204B107EBA503C46E27D57952238DD92A35F8871061302E1BB97398B7E58672B598642C85B2918DC881E63F2F85712E38601E76CF7F
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGqbcbY7EPIbU9aEKq4q6omjn3kkA/m=_b,_tp"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                        Category:downloaded
                                                        Size (bytes):5430
                                                        Entropy (8bit):3.6534652184263736
                                                        Encrypted:false
                                                        SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                        MD5:F3418A443E7D841097C714D69EC4BCB8
                                                        SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                        SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                        SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                        Malicious:false
                                                        URL:https://www.google.com/favicon.ico
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                                                        Category:downloaded
                                                        Size (bytes):52280
                                                        Entropy (8bit):7.995413196679271
                                                        Encrypted:true
                                                        SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                                                        MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                                                        SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                                                        SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                                                        SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                                                        Malicious:false
                                                        URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (755)
                                                        Category:downloaded
                                                        Size (bytes):1460
                                                        Entropy (8bit):5.274624539239422
                                                        Encrypted:false
                                                        SSDEEP:24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
                                                        MD5:481C149C4D3EE4A53C3E7CBA067371DF
                                                        SHA1:E0FED275636D3492C922C44F010157FAF0936733
                                                        SHA-256:9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
                                                        SHA-512:EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2907)
                                                        Category:downloaded
                                                        Size (bytes):23298
                                                        Entropy (8bit):5.429186219736739
                                                        Encrypted:false
                                                        SSDEEP:384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
                                                        MD5:A5C41D7BA22E9CF451810802AE5AC2E8
                                                        SHA1:858F35134A0BD7BAECB1B1A30EC3645642214554
                                                        SHA-256:D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
                                                        SHA-512:DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (468)
                                                        Category:downloaded
                                                        Size (bytes):1858
                                                        Entropy (8bit):5.297658905867848
                                                        Encrypted:false
                                                        SSDEEP:48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
                                                        MD5:B42DB3D22B12B8E3BE1B82961FE2870E
                                                        SHA1:D9CFD11C1C2DE17A7E9301F11AD875B610B96576
                                                        SHA-256:75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
                                                        SHA-512:EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (522)
                                                        Category:downloaded
                                                        Size (bytes):5050
                                                        Entropy (8bit):5.30005628600801
                                                        Encrypted:false
                                                        SSDEEP:96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
                                                        MD5:D9F15F1AEAF15673336FAA3507D1A2A7
                                                        SHA1:FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
                                                        SHA-256:AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
                                                        SHA-512:D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):84
                                                        Entropy (8bit):4.875266466142591
                                                        Encrypted:false
                                                        SSDEEP:3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
                                                        MD5:87B6333E98B7620EA1FF98D1A837A39E
                                                        SHA1:105DE6815B0885357DE1414BFC0D77FCC9E924EF
                                                        SHA-256:DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
                                                        SHA-512:867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
                                                        Malicious:false
                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (395)
                                                        Category:downloaded
                                                        Size (bytes):1608
                                                        Entropy (8bit):5.271783084011668
                                                        Encrypted:false
                                                        SSDEEP:48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
                                                        MD5:45EA91A811A594F81B7F760DD14BE237
                                                        SHA1:2C97782C6D5D0BCFB3676FF24AA1008251090DAE
                                                        SHA-256:7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
                                                        SHA-512:4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (5693)
                                                        Category:downloaded
                                                        Size (bytes):698375
                                                        Entropy (8bit):5.594847180822494
                                                        Encrypted:false
                                                        SSDEEP:6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLniy7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxniZU+
                                                        MD5:9CB39A9BED5FF75EEA0E5CDECB8173A2
                                                        SHA1:17221DDCEBFCDD26C01E6EB9A8FB51CFCDE716E8
                                                        SHA-256:37D3F108CC80806B0C46B3D6A2084E33E7370124D3B8AAEF55588370CFEBC014
                                                        SHA-512:8C07EC9BEB91B345B25280EFD158D77F8E4A6F889A9CDFDECF734C12EDAC2D2FC329EF5F72D5DBF7A795E24E5D77A30E4072F8547FCF80560655AB737ED4658E
                                                        Malicious:false
                                                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):6.583788445631894
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:file.exe
                                                        File size:919'040 bytes
                                                        MD5:0163b7a3440c77002573170f654d4b6b
                                                        SHA1:d1e11e83e8e8877aac2e94355d8e8574fa5fc3c6
                                                        SHA256:5f519644f642667d8ddef15add1564654aaab332312150f0ad47ede838164ca4
                                                        SHA512:86779df3f7f9f42609ccb403010d0c358693436279f64b000521890bf5089a3cfa893ddb6d071a12a33ed2a370a2c50c050b0860c3102277b8e6dfe1bf92111d
                                                        SSDEEP:24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8a4EK:ZTvC/MTQYxsWR7a4
                                                        TLSH:48159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                        Icon Hash:aaf3e3e3938382a0
                                                        Entrypoint:0x420577
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x66FF04B2 [Thu Oct 3 20:55:14 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:5
                                                        OS Version Minor:1
                                                        File Version Major:5
                                                        File Version Minor:1
                                                        Subsystem Version Major:5
                                                        Subsystem Version Minor:1
                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                        Instruction
                                                        call 00007FA138EF3BA3h
                                                        jmp 00007FA138EF34AFh
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        push dword ptr [ebp+08h]
                                                        mov esi, ecx
                                                        call 00007FA138EF368Dh
                                                        mov dword ptr [esi], 0049FDF0h
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        and dword ptr [ecx+04h], 00000000h
                                                        mov eax, ecx
                                                        and dword ptr [ecx+08h], 00000000h
                                                        mov dword ptr [ecx+04h], 0049FDF8h
                                                        mov dword ptr [ecx], 0049FDF0h
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        push dword ptr [ebp+08h]
                                                        mov esi, ecx
                                                        call 00007FA138EF365Ah
                                                        mov dword ptr [esi], 0049FE0Ch
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        and dword ptr [ecx+04h], 00000000h
                                                        mov eax, ecx
                                                        and dword ptr [ecx+08h], 00000000h
                                                        mov dword ptr [ecx+04h], 0049FE14h
                                                        mov dword ptr [ecx], 0049FE0Ch
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        mov esi, ecx
                                                        lea eax, dword ptr [esi+04h]
                                                        mov dword ptr [esi], 0049FDD0h
                                                        and dword ptr [eax], 00000000h
                                                        and dword ptr [eax+04h], 00000000h
                                                        push eax
                                                        mov eax, dword ptr [ebp+08h]
                                                        add eax, 04h
                                                        push eax
                                                        call 00007FA138EF624Dh
                                                        pop ecx
                                                        pop ecx
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        lea eax, dword ptr [ecx+04h]
                                                        mov dword ptr [ecx], 0049FDD0h
                                                        push eax
                                                        call 00007FA138EF6298h
                                                        pop ecx
                                                        ret
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        mov esi, ecx
                                                        lea eax, dword ptr [esi+04h]
                                                        mov dword ptr [esi], 0049FDD0h
                                                        push eax
                                                        call 00007FA138EF6281h
                                                        test byte ptr [ebp+08h], 00000001h
                                                        pop ecx
                                                        Programming Language:
                                                        • [ C ] VS2008 SP1 build 30729
                                                        • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9bb8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9bb8 | 0x9c00 | dc597dea425b615d5bf340b7a0ed4384 | False | 0.3167568108974359 | data | 5.332841409910262 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0xe7e | data | | | 1.002964959568733 |
| RT_GROUP_ICON | 0xdd638 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdd6b0 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd6c4 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd6d8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd6ec | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd7c8 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |

| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | Great Britain |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
                                                        Oct 3, 2024 23:16:13.045231104 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.052330017 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.052400112 CEST49757443192.168.2.4142.250.184.238
                                                        Oct 3, 2024 23:16:13.052414894 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.057867050 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.057955027 CEST49757443192.168.2.4142.250.184.238
                                                        Oct 3, 2024 23:16:13.057964087 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.058192968 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.058283091 CEST49757443192.168.2.4142.250.184.238
                                                        Oct 3, 2024 23:16:13.060863972 CEST49757443192.168.2.4142.250.184.238
                                                        Oct 3, 2024 23:16:13.060885906 CEST44349757142.250.184.238192.168.2.4
                                                        Oct 3, 2024 23:16:13.450357914 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.450417042 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:13.450504065 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.475364923 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.475400925 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:13.477600098 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.477627993 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:13.477693081 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.477951050 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:13.477966070 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.116915941 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.117269993 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.117316961 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.117629051 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.117717981 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.118221998 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.118277073 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.119293928 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.119349003 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.119580030 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.119589090 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.165420055 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.213391066 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.215328932 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.215344906 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.216073990 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.216140985 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.217076063 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.217137098 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.221906900 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.221993923 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.222512007 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.222520113 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.273729086 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.420526981 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.421132088 CEST44349760142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.421228886 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.421230078 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.421279907 CEST49760443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.422358036 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.422408104 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.422481060 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.422890902 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.422909975 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.511900902 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.512270927 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.512326956 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.512543917 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.512563944 CEST44349761142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.512573957 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.512604952 CEST49761443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.513523102 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.513621092 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.513693094 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.513928890 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:14.513963938 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:14.517380953 CEST49672443192.168.2.4173.222.162.32
                                                        Oct 3, 2024 23:16:14.517463923 CEST44349672173.222.162.32192.168.2.4
                                                        Oct 3, 2024 23:16:14.786791086 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:14.786834955 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:14.787034035 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:14.787848949 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:14.787863970 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:15.059499025 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.059798002 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.059861898 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.060398102 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.060461998 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.061404943 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.061463118 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.061645031 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.061729908 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.061913013 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.061935902 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.061973095 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.101918936 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.101950884 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.153178930 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.153445959 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.153510094 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.154762983 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.154839993 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.157283068 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.157360077 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.157480955 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.157613993 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.157629013 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.157629013 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.157690048 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.209017038 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.209076881 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.255672932 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.283104897 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.283248901 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.283337116 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.284009933 CEST49764443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.284037113 CEST44349764142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.376879930 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.377981901 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.378088951 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.379179001 CEST49765443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:15.379221916 CEST44349765142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:15.586402893 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:15.586523056 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:15.603610992 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:15.603676081 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:15.604108095 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:15.648679972 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:15.792177916 CEST49741443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:16:15.839406013 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.060796976 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.060862064 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.060929060 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.060985088 CEST49741443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:16:16.061012983 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.061094999 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.061168909 CEST49741443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:16:16.061747074 CEST49741443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:16:16.061764956 CEST44349741142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:16:16.526602983 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:16.571428061 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786130905 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786189079 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786209106 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786248922 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786283970 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:16.786324024 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786348104 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786375999 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:16.786406994 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:16.786797047 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786895990 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:16.786909103 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.786966085 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:16.787041903 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:17.449733019 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:17.449749947 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:17.449903965 CEST49767443192.168.2.44.175.87.197
                                                        Oct 3, 2024 23:16:17.449913025 CEST443497674.175.87.197192.168.2.4
                                                        Oct 3, 2024 23:16:18.870498896 CEST4972380192.168.2.4199.232.210.172
                                                        Oct 3, 2024 23:16:18.876142025 CEST8049723199.232.210.172192.168.2.4
                                                        Oct 3, 2024 23:16:18.876220942 CEST4972380192.168.2.4199.232.210.172
                                                        Oct 3, 2024 23:16:20.935071945 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:20.935129881 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:20.935218096 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:20.935765982 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:20.935785055 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:21.574949026 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:21.575412989 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:21.575447083 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:21.576003075 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:21.576293945 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:21.576384068 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:21.576452017 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:21.576476097 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:21.576491117 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:22.000416040 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:22.000749111 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:22.000809908 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:22.002360106 CEST49779443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:22.002388954 CEST44349779142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:24.755188942 CEST5509353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:16:24.760056973 CEST53550931.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:16:24.760137081 CEST5509353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:16:24.760226965 CEST5509353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:16:24.765305996 CEST53550931.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:16:25.201129913 CEST53550931.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:16:25.202071905 CEST5509353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:16:25.207510948 CEST53550931.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:16:25.207573891 CEST5509353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:16:43.963917017 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:43.963956118 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:43.964016914 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:43.965162992 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:43.965178013 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.616611004 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.616931915 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.616954088 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.617285013 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.617558956 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.617619038 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.617733955 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.617755890 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.617769003 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.806888103 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.806921959 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.806978941 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.807256937 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.807271004 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.917000055 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.917669058 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:44.917841911 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.920871973 CEST55095443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:44.920905113 CEST44355095142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.476052999 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.478785992 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.478797913 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.479552031 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.479948997 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.480032921 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.480149031 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.480178118 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.480182886 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.782442093 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.784152985 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.784209967 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.784594059 CEST55096443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.784615040 CEST44355096142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.855488062 CEST55097443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.855577946 CEST44355097142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:45.855654001 CEST55097443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.855977058 CEST55097443192.168.2.4142.250.185.142
                                                        Oct 3, 2024 23:16:45.856014013 CEST44355097142.250.185.142192.168.2.4
                                                        Oct 3, 2024 23:16:58.245599031 CEST55106443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.245618105 CEST4435510613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.245628119 CEST55106443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.245634079 CEST4435510613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.248347998 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.248373985 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.248452902 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.248591900 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.248603106 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.270510912 CEST4435510513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.270554066 CEST4435510513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.270603895 CEST55105443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.270725012 CEST55105443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.270730019 CEST4435510513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.270762920 CEST55105443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.270766973 CEST4435510513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.272861958 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.272952080 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.273036003 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.273170948 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.273222923 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.307446957 CEST4435510913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.307594061 CEST4435510913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.307656050 CEST55109443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.307708025 CEST55109443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.307720900 CEST4435510913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.307729006 CEST55109443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.307734013 CEST4435510913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.309689045 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.309727907 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.309801102 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.309911013 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.309926987 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.334984064 CEST4435510813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.335136890 CEST4435510813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.335304022 CEST55108443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.335304022 CEST55108443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.335304022 CEST55108443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337229013 CEST4435510713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.337385893 CEST4435510713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.337456942 CEST55107443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337531090 CEST55107443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337531090 CEST55107443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337572098 CEST4435510713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.337599039 CEST4435510713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.337606907 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337651014 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.337718010 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337842941 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.337869883 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.339322090 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.339334965 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.339418888 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.339551926 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.339569092 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.647479057 CEST55108443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.647542953 CEST4435510813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.918663979 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.920017004 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.959975958 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.959991932 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.961002111 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.966991901 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.966999054 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.967593908 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.967597961 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.968045950 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.968100071 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.968444109 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.968498945 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.968637943 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.968660116 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.969026089 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.969032049 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.983783960 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.984066963 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.984082937 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:58.984397888 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:58.984404087 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.012934923 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.013257027 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.013273954 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.013761997 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.013767958 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.063787937 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.063837051 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.063890934 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.064183950 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.064183950 CEST55112443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.064203978 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.064214945 CEST4435511213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.066833019 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.066859007 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.066941023 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.067082882 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.067094088 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068042040 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068087101 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068126917 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.068222046 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.068239927 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068265915 CEST55110443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.068270922 CEST4435511013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068353891 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068403959 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.068469048 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.068469048 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.068469048 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070341110 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070429087 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.070463896 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070502996 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070535898 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.070604086 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070669889 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070697069 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.070723057 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.070761919 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.083236933 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.083417892 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.083477020 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.083642006 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.083642006 CEST55113443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.083657980 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.083667994 CEST4435511313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.085320950 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.085397959 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.085479021 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.085571051 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.085597038 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.115763903 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.115909100 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.116178989 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.116246939 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.116270065 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.116302013 CEST55114443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.116309881 CEST4435511413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.117973089 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.117996931 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.118071079 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.118196964 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.118221045 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.366439104 CEST55111443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.366512060 CEST4435511113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.710963011 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.711450100 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.711513996 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.711858034 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.711875916 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.718255997 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.718563080 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.718625069 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.719006062 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.719060898 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.722414970 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.722702980 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.722731113 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.723011017 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.723016977 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.725035906 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.725378036 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.725416899 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.725894928 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.725904942 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.797976971 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.798275948 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.798296928 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.798608065 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.798618078 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.811172009 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.811304092 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.811367035 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.811443090 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.811443090 CEST55116443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.811470985 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.811491966 CEST4435511613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.813522100 CEST55120443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.813553095 CEST4435512013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.813617945 CEST55120443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.813724041 CEST55120443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.813734055 CEST4435512013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.819830894 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.819868088 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.820038080 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.820141077 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.820141077 CEST55117443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.820183992 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.820216894 CEST4435511713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.822566032 CEST55121443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.822658062 CEST4435512113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.822767019 CEST55121443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.822848082 CEST55121443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.822884083 CEST4435512113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.823276997 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.823414087 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.823467016 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.823491096 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.823503971 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.823515892 CEST55115443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.823522091 CEST4435511513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.824074984 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.824234009 CEST4435511813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.824431896 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.824431896 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.824433088 CEST55118443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825738907 CEST55122443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825790882 CEST55123443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825808048 CEST4435512313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.825824976 CEST4435512213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.825871944 CEST55123443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825906038 CEST55122443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825977087 CEST55123443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.825983047 CEST4435512313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.826037884 CEST55122443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.826092005 CEST4435512213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.904355049 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.904495001 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.904583931 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.904701948 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.904728889 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.904752970 CEST55119443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.904767990 CEST4435511913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.907177925 CEST55124443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:16:59.907222033 CEST4435512413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:16:59.907299042 CEST55124443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.935700893 CEST55140443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.935755968 CEST4435514013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.946273088 CEST4435513813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.946403980 CEST4435513813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.946557999 CEST55138443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.946557999 CEST55138443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.946557999 CEST55138443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.948362112 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.948383093 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.948456049 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.948570013 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.948580980 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.957254887 CEST4435513613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.957298040 CEST4435513613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.957346916 CEST55136443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.957417011 CEST55136443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.957428932 CEST4435513613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.957462072 CEST55136443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.957468033 CEST4435513613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.959175110 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.959260941 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:02.959352016 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.959466934 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:02.959506989 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.008877993 CEST4435513913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.009037018 CEST4435513913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.009217978 CEST55139443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.009270906 CEST55139443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.009270906 CEST55139443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.009289980 CEST4435513913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.009299040 CEST4435513913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.011152029 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.011200905 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.011267900 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.011405945 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.011415958 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.038938999 CEST4435514013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.039122105 CEST4435514013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.039321899 CEST55140443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.039452076 CEST55140443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.039453030 CEST55140443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.039496899 CEST4435514013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.039529085 CEST4435514013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.041697979 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.041783094 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.042026997 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.042026997 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.042195082 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.256789923 CEST55138443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.256830931 CEST4435513813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.562670946 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.563524961 CEST55141443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.563581944 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.563920975 CEST55141443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.563941002 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.604269028 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.604435921 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.604739904 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.604799986 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.604808092 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.604836941 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.605175972 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.605191946 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.605246067 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.605256081 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.635004997 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.635648966 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.635680914 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.636142969 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.636198044 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.661907911 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.662040949 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.662105083 CEST55141443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.662188053 CEST55141443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.662203074 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.662210941 CEST55141443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.662216902 CEST4435514113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.664813995 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.664897919 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.664978027 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.665117979 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.665153980 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.690728903 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.691082954 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.691107035 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.691660881 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.691665888 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.702594042 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.702744007 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.702811003 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.702892065 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.702892065 CEST55145443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.702934027 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.702961922 CEST4435514513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705013990 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705038071 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705115080 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705158949 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705271006 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705282927 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705290079 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705348015 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705411911 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705411911 CEST55142443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.705435991 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.705456972 CEST4435514213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.707496881 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.707530022 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.707592964 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.707700968 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.707710981 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.751843929 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.751919985 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.751993895 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.752320051 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.752320051 CEST55143443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.752351999 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.752370119 CEST4435514313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.755650043 CEST55149443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.755733013 CEST4435514913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.755804062 CEST55149443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.756026030 CEST55149443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.756063938 CEST4435514913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.793359995 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.793517113 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.793575048 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.798908949 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.798923969 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.798933983 CEST55144443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.798938990 CEST4435514413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.801628113 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.801656961 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:03.801733017 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.801908970 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:03.801937103 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.329081059 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.329545975 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.329576015 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.330059052 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.330064058 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.372637987 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.372965097 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.373040915 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.373322010 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.373337030 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.416764021 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.417152882 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.417181969 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.417468071 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.417473078 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.433336973 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.433495998 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.433573008 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.433726072 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.433743000 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.433753014 CEST55147443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.433759928 CEST4435514713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.451647043 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.451692104 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.451788902 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.451971054 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.451982975 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.478224039 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.478302002 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.478651047 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.478652000 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.478652000 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.480937004 CEST55152443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.480983019 CEST4435515213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.481178999 CEST55152443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.481178999 CEST55152443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.481213093 CEST4435515213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.510118008 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.510543108 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.510618925 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.510976076 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.510991096 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.520155907 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.520303011 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.520363092 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.520394087 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.520394087 CEST55148443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.520406961 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.520415068 CEST4435514813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.522324085 CEST55153443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.522411108 CEST4435515313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.522496939 CEST55153443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.522687912 CEST55153443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.522720098 CEST4435515313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.611150980 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.611319065 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.611507893 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.611588001 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.611588001 CEST55150443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.611629963 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.611660004 CEST4435515013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.613357067 CEST55154443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.613383055 CEST4435515413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.613615036 CEST55154443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.613615036 CEST55154443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.613735914 CEST4435515413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:04.788286924 CEST55146443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:04.788347960 CEST4435514613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.096380949 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.096913099 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.096926928 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.097388983 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.097393036 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.125891924 CEST4435515213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.126245022 CEST55152443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.126291990 CEST4435515213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.126622915 CEST55152443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.126636028 CEST4435515213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.177259922 CEST4435515313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.178026915 CEST55153443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.178088903 CEST4435515313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.178544998 CEST55153443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.178597927 CEST4435515313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.195544004 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.195698023 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.195811033 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.195836067 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.195849895 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:05.195858955 CEST55151443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:05.195863962 CEST4435515113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.544091940 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.551673889 CEST4435516513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.551821947 CEST4435516513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.551877022 CEST55165443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.551903009 CEST55165443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.551912069 CEST4435516513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.551928043 CEST55165443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.551933050 CEST4435516513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.554249048 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.554338932 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.554419994 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.554579973 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.554608107 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.561261892 CEST4435516813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.561381102 CEST4435516813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.561429024 CEST55168443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.561517000 CEST55168443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.561522961 CEST4435516813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.561536074 CEST55168443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.561539888 CEST4435516813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.563761950 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.563791990 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.563873053 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.564002991 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.564028025 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.569770098 CEST55169443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:17:07.640393019 CEST4435517013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.640538931 CEST4435517013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.640607119 CEST55170443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.640692949 CEST55170443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.640717030 CEST4435517013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.640729904 CEST55170443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.640736103 CEST4435517013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.643369913 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.643456936 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:07.643553972 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.643739939 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:07.643774986 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.148490906 CEST4972480192.168.2.4199.232.210.172
                                                        Oct 3, 2024 23:17:08.154604912 CEST8049724199.232.210.172192.168.2.4
                                                        Oct 3, 2024 23:17:08.154836893 CEST4972480192.168.2.4199.232.210.172
                                                        Oct 3, 2024 23:17:08.179172039 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.182305098 CEST55171443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.182324886 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.182771921 CEST55171443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.182776928 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.184211016 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.195962906 CEST55172443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.196043968 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.196492910 CEST55172443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.196547985 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.198343039 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.211570978 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.211599112 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.212131977 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.212137938 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.230293989 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.234638929 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.234661102 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.235074997 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.235079050 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.297377110 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.297468901 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.297529936 CEST55171443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.299550056 CEST55171443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.299562931 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.299572945 CEST55171443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.299577951 CEST4435517113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.302808046 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.304959059 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.305119991 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.305203915 CEST55172443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.308662891 CEST55172443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.308664083 CEST55172443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.308729887 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.308767080 CEST4435517213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.310496092 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.310539007 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.310586929 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.316802979 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.316814899 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.316823006 CEST55174443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.316828012 CEST4435517413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.328140020 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.328200102 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.335789919 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.335843086 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.336323977 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.336467028 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.336517096 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.339701891 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.339706898 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.339716911 CEST55173443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.339720011 CEST4435517313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.371259928 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.371300936 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.371360064 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.375488043 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.375572920 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.375650883 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.379488945 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.379573107 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.379657030 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.379915953 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.379929066 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.380146980 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.380147934 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.380234957 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.380280018 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.384284019 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.384290934 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.384355068 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.384603024 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.384612083 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.433291912 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.433434010 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.433497906 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.433573961 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.433573961 CEST55175443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.433618069 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.433650970 CEST4435517513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.435595036 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.435622931 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:08.435684919 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.435878992 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:08.435888052 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.020797968 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.021275043 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.021334887 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.021893024 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.021908998 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.027158976 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.027576923 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.027594090 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.028101921 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.028105974 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.048846006 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.049124002 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.049181938 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.049463987 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.049479008 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.076616049 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.076894045 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.076920033 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.077259064 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.077265978 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.096929073 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.097383022 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.097402096 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.097846985 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.097851038 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.122215986 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.122231960 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.122272015 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.122318029 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.122378111 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.122545004 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.122545004 CEST55177443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.122585058 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.122611046 CEST4435517713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.125471115 CEST55181443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.125555038 CEST4435518113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.125648975 CEST55181443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.125787973 CEST55181443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.125828028 CEST4435518113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.127140045 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.127295971 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.127357006 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.127469063 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.127469063 CEST55176443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.127513885 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.127541065 CEST4435517613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.129543066 CEST55182443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.129565954 CEST4435518213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.129648924 CEST55182443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.129756927 CEST55182443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.129785061 CEST4435518213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.152863979 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.153009892 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.153198957 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.153199911 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.153199911 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.155251980 CEST55183443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.155272007 CEST4435518313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.155343056 CEST55183443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.155461073 CEST55183443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.155469894 CEST4435518313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.179877043 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.180206060 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.180284977 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.180318117 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.180330992 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.180346012 CEST55179443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.180351973 CEST4435517913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.182188034 CEST55184443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.182220936 CEST4435518413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.182275057 CEST55184443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.182384968 CEST55184443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.182398081 CEST4435518413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.202461958 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.202522039 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.202640057 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.202651024 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.202820063 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.202827930 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.202835083 CEST55180443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.202923059 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.203084946 CEST4435518013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.205034971 CEST55185443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.205121994 CEST4435518513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.205219984 CEST55185443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.205513954 CEST55185443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.205595016 CEST4435518513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.460550070 CEST55178443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.460613012 CEST4435517813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.778594971 CEST4435518213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.779052973 CEST55182443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.779114008 CEST4435518213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.779634953 CEST55182443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.779689074 CEST4435518213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.791276932 CEST4435518113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.791788101 CEST55181443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.791873932 CEST4435518113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:09.791956902 CEST55181443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:09.791974068 CEST4435518113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.268352032 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.268691063 CEST55201443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.268693924 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.271640062 CEST4435519713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.271956921 CEST4435519713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.272010088 CEST55197443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.272038937 CEST55197443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.272046089 CEST4435519713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.272053957 CEST55197443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.272057056 CEST4435519713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.273938894 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.273982048 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.274045944 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.274163008 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.274183035 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.321419001 CEST4435519913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.321868896 CEST4435519913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.322015047 CEST55199443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.322015047 CEST55199443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.322015047 CEST55199443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.323759079 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.323802948 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.323878050 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.323975086 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.323997974 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.355894089 CEST4435520013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.355920076 CEST4435520013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.356004953 CEST55200443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.356023073 CEST4435520013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.356066942 CEST55200443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.356254101 CEST55200443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.356254101 CEST55200443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.356296062 CEST4435520013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.356323004 CEST4435520013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.358789921 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.358827114 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.358916998 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.359055042 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.359066010 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.374932051 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.375091076 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.375154018 CEST55201443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.375216007 CEST55201443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.375230074 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.375236034 CEST55201443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.375240088 CEST4435520113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.377540112 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.377552032 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.377620935 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.377753019 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.377759933 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.632363081 CEST55199443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.632426023 CEST4435519913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.916922092 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.919573069 CEST55202443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.919594049 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.919991016 CEST55202443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.919995070 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.926636934 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.927234888 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.927295923 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.927459002 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.927475929 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.960601091 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.961496115 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.961527109 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:12.961853981 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:12.961879969 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.018047094 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.018405914 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.018475056 CEST55202443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.018515110 CEST55202443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.018531084 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.018539906 CEST55202443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.018544912 CEST4435520213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.018965006 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.019308090 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.019328117 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.019716024 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.019722939 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.021215916 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.021301985 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.021390915 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.021509886 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.021533966 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.026571035 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.026702881 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.026777983 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.026854992 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.026854992 CEST55203443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.026896954 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.026923895 CEST4435520313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.028898954 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.028944016 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.029017925 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.029120922 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.029139042 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.044790030 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.045242071 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.045258999 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.045610905 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.045615911 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.069214106 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.069879055 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.069916964 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.069947958 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.069979906 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.071775913 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.071775913 CEST55204443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.071795940 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.071810007 CEST4435520413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.073998928 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.074023008 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.074090004 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.074218988 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.074239016 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.143785954 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.144442081 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.144733906 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.144733906 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.144733906 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.146889925 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.146994114 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147048950 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147067070 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147106886 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147144079 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147166967 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147181988 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147181988 CEST55206443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147192001 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147200108 CEST4435520613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147281885 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147311926 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.147368908 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147516012 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.147531033 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.149488926 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.149532080 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.149609089 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.149724960 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.149740934 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.447097063 CEST55205443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.447138071 CEST4435520513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.698781967 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.699304104 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.699341059 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.699750900 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.699757099 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.701498985 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.701857090 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.701935053 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.702385902 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.702440977 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.782725096 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.783238888 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.783262968 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.783704042 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.783710003 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.790950060 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.791354895 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.791399002 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.791682959 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.791688919 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.801597118 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.801748991 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.801821947 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.801996946 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.801996946 CEST55208443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.802026033 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.802035093 CEST4435520813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.803823948 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.804008007 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.804080963 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.804183006 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.804183006 CEST55207443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.804225922 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.804255009 CEST4435520713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.805124998 CEST55212443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.805167913 CEST4435521213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.805258989 CEST55212443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.805378914 CEST55212443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.805387020 CEST4435521213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.806225061 CEST55213443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.806309938 CEST4435521313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.806391001 CEST55213443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.806535006 CEST55213443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.806572914 CEST4435521313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.812366009 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.812704086 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.812720060 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.813093901 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.813100100 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.885829926 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.886085987 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.886113882 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.886126995 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.886159897 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.886187077 CEST55210443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.886195898 CEST4435521013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.889884949 CEST55215443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.889898062 CEST4435521513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.889974117 CEST55215443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.890167952 CEST55215443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.890178919 CEST4435521513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.908454895 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.909054041 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.909106016 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.909147024 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.909159899 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.909173012 CEST55211443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.909178972 CEST4435521113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.912661076 CEST55216443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.912693977 CEST4435521613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:13.912748098 CEST55216443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.912859917 CEST55216443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:13.912872076 CEST4435521613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:14.007008076 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:14.007653952 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:14.007707119 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:14.007911921 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:14.007911921 CEST55209443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:14.007932901 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:14.007944107 CEST4435520913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:14.010411024 CEST55217443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.591155052 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.591196060 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.591272116 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.591424942 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.591430902 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.820993900 CEST44355228142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.821793079 CEST44355228142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.821847916 CEST55228443192.168.2.4142.250.186.78
                                                        Oct 3, 2024 23:17:16.822077990 CEST55228443192.168.2.4142.250.186.78
                                                        Oct 3, 2024 23:17:16.822092056 CEST44355228142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.874042988 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.874614954 CEST55230443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.874640942 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.875034094 CEST55230443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.875037909 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.877594948 CEST44355229142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.878099918 CEST44355229142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.878160000 CEST55229443192.168.2.4142.250.186.78
                                                        Oct 3, 2024 23:17:16.878478050 CEST55229443192.168.2.4142.250.186.78
                                                        Oct 3, 2024 23:17:16.878495932 CEST44355229142.250.186.78192.168.2.4
                                                        Oct 3, 2024 23:17:16.938080072 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.938525915 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.938545942 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.938930988 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.938935995 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.961364985 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.961807013 CEST55232443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.961869001 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.962024927 CEST55232443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.962042093 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.973104954 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.973412037 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.973440886 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.973748922 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.973754883 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.976418018 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.976464987 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.976512909 CEST55230443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.976663113 CEST55230443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.976676941 CEST4435523013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.979182959 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.979270935 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:16.979362965 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.979466915 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:16.979489088 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046022892 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046112061 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046159029 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.046170950 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046216011 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046263933 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.046286106 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.046293020 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.046303034 CEST55231443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.046307087 CEST4435523113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.048398972 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.048410892 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.048482895 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.048613071 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.048624992 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.060571909 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.060633898 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.060693026 CEST55232443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.060765028 CEST55232443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.060791016 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.060827017 CEST55232443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.060839891 CEST4435523213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.062545061 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.062568903 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.062630892 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.062764883 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.062774897 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.074103117 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.074892998 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.074944973 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.074947119 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.074992895 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.075033903 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.075033903 CEST55233443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.075048923 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.075056076 CEST4435523313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.076702118 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.076711893 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.076772928 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.076889992 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.076899052 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.261809111 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.262425900 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.262447119 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.262922049 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.262927055 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.366745949 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.366905928 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.366981030 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.367292881 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.367316961 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.367326021 CEST55234443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.367331028 CEST4435523413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.370263100 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.370292902 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.370378971 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.370531082 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.370544910 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.421354055 CEST44355169142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:17:17.421479940 CEST44355169142.250.186.132192.168.2.4
                                                        Oct 3, 2024 23:17:17.421583891 CEST55169443192.168.2.4142.250.186.132
                                                        Oct 3, 2024 23:17:17.624824047 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.652834892 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.652896881 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.653280020 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.653333902 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.696381092 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.700325012 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.704803944 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.704822063 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.705265045 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.705271006 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.716566086 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.716582060 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.719419956 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.719424963 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.722930908 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.725457907 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.725466013 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.749535084 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.749541044 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.750123978 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.750754118 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.750853062 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.800239086 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.800530910 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.800592899 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.808635950 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.808635950 CEST55235443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.808701992 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.808736086 CEST4435523513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.812201023 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.812217951 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.812227964 CEST55236443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.812232971 CEST4435523613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815699100 CEST55240443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.815745115 CEST4435524013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815797091 CEST55241443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.815859079 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815869093 CEST4435524113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815913916 CEST55240443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.815951109 CEST55240443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.815956116 CEST4435524013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815979004 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.815988064 CEST55241443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816029072 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.816030979 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816051960 CEST55241443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816082954 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816088915 CEST4435524113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.816255093 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816255093 CEST55237443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.816281080 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.816294909 CEST4435523713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.818345070 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.818391085 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.818463087 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.818618059 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.818650007 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.846718073 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.847539902 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.847584963 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.847608089 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.847615004 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.847623110 CEST55238443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.847626925 CEST4435523813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.849597931 CEST55243443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.849617958 CEST4435524313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:17.849735022 CEST55243443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.849821091 CEST55243443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:17.849828005 CEST4435524313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.022242069 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.022720098 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.022748947 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.023375034 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.023380995 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.301090956 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.301167011 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.301254988 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.301275015 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.301326036 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.301527977 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.301539898 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.301549911 CEST55239443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.301554918 CEST4435523913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.304706097 CEST55244443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.304763079 CEST4435524413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.304862022 CEST55244443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.305030107 CEST55244443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.305042982 CEST4435524413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.504960060 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.505682945 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.505779028 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.506165028 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.506184101 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.527314901 CEST4435524113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.527688980 CEST55241443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.527724981 CEST4435524113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.528048992 CEST55241443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.528065920 CEST4435524113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.553766966 CEST4435524313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.554276943 CEST55243443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.554299116 CEST4435524313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.554600000 CEST55243443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.554604053 CEST4435524313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.557269096 CEST4435524013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.557668924 CEST55240443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.557684898 CEST4435524013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.557991028 CEST55240443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.557995081 CEST4435524013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.602832079 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.603063107 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.603156090 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.603429079 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.603429079 CEST55242443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.603461027 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.603482962 CEST4435524213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:18.606782913 CEST55245443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:18.606868982 CEST4435524513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.077627897 CEST55258443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.077655077 CEST55258443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.077692032 CEST55258443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.077706099 CEST4435525813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.077713966 CEST55258443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.077718973 CEST4435525813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.079703093 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.079761982 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.079853058 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.080013037 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.080044031 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.292428970 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.292957067 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.292979002 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.293410063 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.293418884 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.609570026 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.609633923 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.609733105 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.609738111 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.609807014 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.609966040 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.609966993 CEST55259443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.610008001 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.610035896 CEST4435525913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.612158060 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.612216949 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.613154888 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.613280058 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.613296986 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.805561066 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.809581995 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.809616089 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.810005903 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.810018063 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.812443018 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.812799931 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.813143969 CEST55260443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.813175917 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.813266039 CEST55262443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.813282967 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.813515902 CEST55260443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.813527107 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.813709974 CEST55262443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.813714981 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.815942049 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.817326069 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.817333937 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.817660093 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.817663908 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.907180071 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.907195091 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.907243967 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.907265902 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.907325029 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.908494949 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.908525944 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.908554077 CEST55263443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.908567905 CEST4435526313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.911248922 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.911278009 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.911345959 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.911493063 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.911504030 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.912163973 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.912226915 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.912266970 CEST55262443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.912431955 CEST55262443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.912440062 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.912497044 CEST55262443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.912501097 CEST4435526213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.915891886 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.916459084 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.916520119 CEST55260443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.916843891 CEST55260443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.916860104 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.916862965 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.916872025 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.916887045 CEST55260443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.916898012 CEST4435526013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.916932106 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.917041063 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.917048931 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.918597937 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.918638945 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.918760061 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.918874025 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.918900967 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919121981 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919193983 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919236898 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.919245958 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919296026 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919310093 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.919328928 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919346094 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.919346094 CEST55261443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.919351101 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.919356108 CEST4435526113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.921185970 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.921236992 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:21.921307087 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.921406031 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:21.921427011 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.274748087 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.275207996 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.275291920 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.275613070 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.275629044 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.376928091 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.377021074 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.377132893 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.377161026 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.377226114 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.377365112 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.377366066 CEST55264443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.377393961 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.377418041 CEST4435526413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.380203962 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.380244017 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.380316019 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.380470991 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.380476952 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.505994081 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.509529114 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.509552002 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.509987116 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.509991884 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.562917948 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.563807964 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.598437071 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.605237007 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.605262995 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.605696917 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.605703115 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.605950117 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.605990887 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.606272936 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.606286049 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.606859922 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.606878042 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.607244968 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.607249022 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.610960007 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.611027956 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.611083031 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.611263037 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.611277103 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.611294031 CEST55266443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.611299038 CEST4435526613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.613758087 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.613794088 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.613853931 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.613981009 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.613990068 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.701020956 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.701219082 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.702696085 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.702800035 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.702851057 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.702912092 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.703670979 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.704056978 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.704107046 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.704116106 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.704127073 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.704176903 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.736418009 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.736443996 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.736458063 CEST55268443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.736466885 CEST4435526813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.737560987 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.737560987 CEST55267443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.737627029 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.737658024 CEST4435526713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.738104105 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.738121986 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.738154888 CEST55265443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.738158941 CEST4435526513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.767870903 CEST55271443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.767905951 CEST4435527113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.767981052 CEST55271443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.770513058 CEST55272443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.770554066 CEST4435527213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.770633936 CEST55272443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777266979 CEST55273443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777318954 CEST55271443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777343035 CEST4435527113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.777350903 CEST4435527313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.777426958 CEST55273443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777442932 CEST55272443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777457952 CEST4435527213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:22.777525902 CEST55273443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:22.777550936 CEST4435527313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.030843019 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.031333923 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.031353951 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.031734943 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.031742096 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.131794930 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.131848097 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.131894112 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.131973028 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.132184982 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.132209063 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.132221937 CEST55269443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.132229090 CEST4435526913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.134948015 CEST55274443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.135032892 CEST4435527413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.135139942 CEST55274443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.135299921 CEST55274443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.135324955 CEST4435527413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.256381035 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.256947041 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.256957054 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.257350922 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.257355928 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.356394053 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.357666969 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.357723951 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.357758999 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.357769012 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.357789040 CEST55270443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:23.357795000 CEST4435527013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:23.359976053 CEST55275443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.772377014 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.772398949 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.772458076 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.774076939 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.774090052 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806184053 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806241989 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806291103 CEST55288443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.806302071 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806448936 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806505919 CEST55288443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.806749105 CEST55288443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.806759119 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.806766987 CEST55288443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.806771994 CEST4435528813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.810534954 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.810564995 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.810631990 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.810822010 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.810851097 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.830226898 CEST4435528713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.830271959 CEST4435528713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.830318928 CEST55287443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.830331087 CEST4435528713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.830389977 CEST4435528713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.830614090 CEST55287443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.830614090 CEST55287443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.830614090 CEST55287443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.832470894 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.832499981 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:25.832581997 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.832705021 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:25.832731009 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.082118034 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.082823038 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.082854033 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.083172083 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.083175898 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.131865025 CEST55287443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.131885052 CEST4435528713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.250504017 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.252646923 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.252702951 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.252724886 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.252765894 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.252821922 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.252836943 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.252851963 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.252860069 CEST55289443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.252863884 CEST4435528913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.255438089 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.255531073 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.255618095 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.255733013 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.255754948 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.432445049 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.432842016 CEST55290443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.432853937 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.433237076 CEST55290443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.433240891 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.460549116 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.460855961 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.460936069 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.461170912 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.461185932 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.532483101 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.532726049 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.532856941 CEST55290443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.532905102 CEST55290443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.532918930 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.532967091 CEST55290443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.532972097 CEST4435529013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.535706997 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.535809040 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.535906076 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.536055088 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.536077976 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.539145947 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.539493084 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.539503098 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.539896965 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.539902925 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.582947016 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.583014965 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.583340883 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.583340883 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.583340883 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.585381985 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.585411072 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.585521936 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.585592985 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.585604906 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.655719042 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.656321049 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.656408072 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.656516075 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.656532049 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.671169996 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.671200991 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.671247959 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.671247959 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.671308994 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.671463013 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.671468973 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.671499968 CEST55291443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.671504021 CEST4435529113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.673660994 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.673693895 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.673779011 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.673908949 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.673935890 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.769723892 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.776627064 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.776681900 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.776829004 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.776829004 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.776925087 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.776925087 CEST55293443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.776968002 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.776998043 CEST4435529313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.780114889 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.780150890 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.780251026 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.780452967 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.780464888 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.870479107 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.871104956 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.871177912 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.871386051 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.871401072 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:26.897615910 CEST55292443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:26.897677898 CEST4435529213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.008759975 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.008815050 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.008991003 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.009049892 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.009049892 CEST55294443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.009068966 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.009089947 CEST4435529413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.049433947 CEST55299443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.049452066 CEST4435529913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.049534082 CEST55299443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.049734116 CEST55299443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.049751043 CEST4435529913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.222982883 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.226892948 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.226953983 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.233788013 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.233840942 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.246043921 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.248851061 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.248872995 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.252751112 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.252756119 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.288378954 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.298494101 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.298528910 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.298897028 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.298906088 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.332581997 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.332751989 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.332866907 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.332865000 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.333029032 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.333081007 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.333116055 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.333116055 CEST55295443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.333137035 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.333157063 CEST4435529513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.335603952 CEST55300443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.335645914 CEST4435530013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.336862087 CEST55300443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.336977005 CEST55300443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.336996078 CEST4435530013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.348436117 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.348587990 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.348665953 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.348798990 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.348807096 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.348836899 CEST55296443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.348841906 CEST4435529613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.350732088 CEST55301443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.350763083 CEST4435530113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.350820065 CEST55301443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.350980043 CEST55301443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.350994110 CEST4435530113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.400048971 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.400120974 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.400227070 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.400295973 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.400330067 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.400482893 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.400505066 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.400538921 CEST55297443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.400547028 CEST4435529713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.402296066 CEST55302443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.402312994 CEST4435530213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.403273106 CEST55302443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.403398037 CEST55302443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.403403997 CEST4435530213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.472882032 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.473247051 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.473278046 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.473620892 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.473628044 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.696626902 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.696690083 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.696742058 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.696908951 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.696928978 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.696939945 CEST55298443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.696947098 CEST4435529813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.699457884 CEST55303443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.699541092 CEST4435530313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.699630022 CEST55303443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.699791908 CEST55303443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.699827909 CEST4435530313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.892693996 CEST4435529913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.893126965 CEST55299443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.893143892 CEST4435529913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.893851042 CEST55299443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.893856049 CEST4435529913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.975243092 CEST4435530013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:27.975692987 CEST55300443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:27.975734949 CEST4435530013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.258310080 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.258337021 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.402261972 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.403143883 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.403156996 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.403558016 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.403561115 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.412498951 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.412741899 CEST55316443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.412765026 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.413021088 CEST55316443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.413023949 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.528767109 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.528836012 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.528924942 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.528953075 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.529066086 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.529459953 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.529472113 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.529481888 CEST55317443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.529485941 CEST4435531713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.532169104 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.532182932 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.532254934 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.532423973 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.532437086 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.534101009 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.534326077 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.534375906 CEST55316443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.534393072 CEST55316443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.534399986 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.534415007 CEST55316443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.534419060 CEST4435531613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.536092997 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.536103010 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.536165953 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.536295891 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.536308050 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.727596045 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.727993011 CEST55318443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.728008986 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.728401899 CEST55318443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.728408098 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.833482981 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.833532095 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.833612919 CEST55318443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.833786011 CEST55318443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.833796024 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.833831072 CEST55318443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.833833933 CEST4435531813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.837615967 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.837641954 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.837728024 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.837898016 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.837927103 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.887511015 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.887888908 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.887948036 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.888442993 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.888458014 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.891846895 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.892122984 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.892155886 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.892457008 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.892462969 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.985970974 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.986044884 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.986098051 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.986239910 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.986277103 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.986304045 CEST55320443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.986319065 CEST4435532013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.988936901 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.989017963 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.989093065 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.989312887 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.989347935 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994225025 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994282007 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994333982 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.994360924 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994371891 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994424105 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.994513035 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.994524956 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.994534016 CEST55319443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.994539022 CEST4435531913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.996383905 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.996426105 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:30.996498108 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.996628046 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:30.996642113 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.174819946 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.175271034 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.175282955 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.175678015 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.175683975 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.186120033 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.186573029 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.186592102 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.186949015 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.186954975 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.272546053 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.272835970 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.272892952 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.273829937 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.273835897 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.273847103 CEST55322443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.273852110 CEST4435532213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.276773930 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.276813030 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.276894093 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.277040005 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.277051926 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.285870075 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.285943985 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.285996914 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.286007881 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.286046028 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.286083937 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.286096096 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.286106110 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.286111116 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.286122084 CEST55321443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.286125898 CEST4435532113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.288028955 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.288089037 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.288173914 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.288300991 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.288320065 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.486731052 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.489654064 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.489742041 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.490122080 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.490176916 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.587651014 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.587768078 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.587915897 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.588016987 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.588016987 CEST55323443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.588059902 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.588088036 CEST4435532313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.590612888 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.590699911 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.590949059 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.591063976 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.591094971 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.646701097 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.647173882 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.647203922 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.647578955 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.647584915 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.653287888 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.653680086 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.653768063 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.653913975 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.653930902 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.748411894 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.748893023 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.748961926 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.748986006 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.749026060 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.749077082 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.749202013 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.749222040 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.749233007 CEST55325443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.749239922 CEST4435532513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.752130032 CEST55329443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.752156019 CEST4435532913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.752237082 CEST55329443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.752398968 CEST55329443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.752413988 CEST4435532913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.755716085 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.755848885 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.755932093 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.755932093 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.756011963 CEST55324443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.756048918 CEST4435532413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.757808924 CEST55330443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.757817984 CEST4435533013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.757893085 CEST55330443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.758002043 CEST55330443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.758018017 CEST4435533013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.930793047 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.931372881 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.931405067 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.931819916 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.931827068 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.957391024 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.958003998 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.958076954 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:31.958273888 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:31.958292007 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.031069040 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.031217098 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.031440973 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.042058945 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.042083025 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.042095900 CEST55326443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.042103052 CEST4435532613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.044428110 CEST55332443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.044518948 CEST4435533213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.044595003 CEST55332443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.044826984 CEST55332443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.044861078 CEST4435533213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.060856104 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.061028004 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.061120033 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.062993050 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.063023090 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.063057899 CEST55327443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.063072920 CEST4435532713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.119843960 CEST55333443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.119890928 CEST4435533313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.119986057 CEST55333443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.120124102 CEST55333443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.120132923 CEST4435533313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.231410980 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.231817961 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.231895924 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.232280016 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:32.232294083 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.330073118 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.330197096 CEST4435532813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:32.330476046 CEST55328443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.733517885 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.734018087 CEST55346443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.734033108 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.835621119 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.835773945 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.835846901 CEST55346443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.837352037 CEST55346443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.837352991 CEST55346443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.837394953 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.837423086 CEST4435534613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.841008902 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.841063023 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:34.841120005 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.841516972 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:34.841531038 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.035875082 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.036362886 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.036377907 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.036968946 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.036973953 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136159897 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136220932 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136287928 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.136301041 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136348009 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136399031 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.136523008 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.136534929 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.136543989 CEST55347443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.136548042 CEST4435534713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.139671087 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.139754057 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.139857054 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.140006065 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.140041113 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.172863960 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.173351049 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.173377037 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.173960924 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.173969984 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.276808023 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.276880026 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.276940107 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.276958942 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.277023077 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.277077913 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.277205944 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.277220964 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.277230978 CEST55348443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.277236938 CEST4435534813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.280440092 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.280531883 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.280620098 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.280848980 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.280885935 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.331089020 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.331562996 CEST55349443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.331620932 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.332180023 CEST55349443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.332194090 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.357208967 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.357630968 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.357649088 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.357990980 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.358000994 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.436239958 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.436297894 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.436358929 CEST55349443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.436407089 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.436567068 CEST55349443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.436568022 CEST55349443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.436605930 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.436712980 CEST4435534913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.439189911 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.439291954 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.439378023 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.439513922 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.439537048 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.456756115 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.456804991 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.456868887 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.456888914 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.456958055 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.457011938 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.457170010 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.457201958 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.457226992 CEST55350443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.457242012 CEST4435535013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.460351944 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.460396051 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.460473061 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.460597992 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.460644007 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.522917986 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.523407936 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.523447990 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.523925066 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.523931980 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.629473925 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.629630089 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.629856110 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.629856110 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.629856110 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.632571936 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.632616043 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.632689953 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.632795095 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.632807016 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.785609007 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.786288023 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.786377907 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.786551952 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.786569118 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.887042046 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.887113094 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.887300014 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.887384892 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.887384892 CEST55352443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.887428999 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.887461901 CEST4435535213.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.890108109 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.890151978 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.890222073 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.890348911 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.890357971 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.917649984 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.918065071 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.918107986 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.918612003 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.918625116 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:35.929337025 CEST55351443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:35.929357052 CEST4435535113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.030276060 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.030459881 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.030512094 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.030605078 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.030616999 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.030625105 CEST55353443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.030630112 CEST4435535313.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.034130096 CEST55358443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.034168005 CEST4435535813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.034233093 CEST55358443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.034351110 CEST55358443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.034358978 CEST4435535813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.090692997 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.091078043 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.091131926 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.091465950 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.091480017 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.109941959 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.110328913 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.110409975 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.110666990 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.110682011 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.205564022 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.207487106 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.207561016 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.207613945 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.207613945 CEST55354443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.207643986 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.207665920 CEST4435535413.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.210124016 CEST55359443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.210167885 CEST4435535913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.210232973 CEST55359443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.210346937 CEST55359443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.210366964 CEST4435535913.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.221832991 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.221852064 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.222004890 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.222059965 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.222059965 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.222141981 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.222141981 CEST55355443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.222183943 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.222217083 CEST4435535513.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.223956108 CEST55360443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.224046946 CEST4435536013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.224143028 CEST55360443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.224271059 CEST55360443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.224308968 CEST4435536013.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.304339886 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.304987907 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.305033922 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.305336952 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.305365086 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.405463934 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.405524969 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.405670881 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.405771971 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.405771971 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.405771971 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.405819893 CEST55356443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.405838013 CEST4435535613.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.407705069 CEST55361443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.407722950 CEST4435536113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.407779932 CEST55361443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.407881975 CEST55361443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.407892942 CEST4435536113.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.565733910 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.566210032 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.566257000 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.566606998 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.566611052 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.675987005 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.676054001 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.676098108 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.676136971 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.676151991 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.676162958 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.676201105 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.697715044 CEST4435535813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.698529005 CEST55358443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.698549986 CEST4435535813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.698992968 CEST55358443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.698997974 CEST4435535813.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764121056 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764220953 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.764229059 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764297009 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764317036 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.764333010 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764343023 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.764343023 CEST55357443192.168.2.413.107.246.45
                                                        Oct 3, 2024 23:17:36.764350891 CEST4435535713.107.246.45192.168.2.4
                                                        Oct 3, 2024 23:17:36.764355898 CEST4435535713.107.246.45192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                        Oct 3, 2024 23:16:20.716794014 CEST53578701.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:16:24.754803896 CEST53529251.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:17:02.144062042 CEST53571091.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:17:10.865482092 CEST53590241.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:17:15.871637106 CEST5226353192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:17:15.871783972 CEST6017853192.168.2.41.1.1.1
                                                        Oct 3, 2024 23:17:15.878567934 CEST53522631.1.1.1192.168.2.4
                                                        Oct 3, 2024 23:17:15.878607988 CEST53601781.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 23:16:02.406625986 CEST | 192.168.2.4 | 1.1.1.1 | 0x4e94 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:02.406763077 CEST | 192.168.2.4 | 1.1.1.1 | 0x77cd | Standard query (0) | youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:03.628390074 CEST | 192.168.2.4 | 1.1.1.1 | 0xed8c | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.631354094 CEST | 192.168.2.4 | 1.1.1.1 | 0xd997 | Standard query (0) | www.youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:06.806101084 CEST | 192.168.2.4 | 1.1.1.1 | 0x92b4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:06.806299925 CEST | 192.168.2.4 | 1.1.1.1 | 0xe97 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:11.952332973 CEST | 192.168.2.4 | 1.1.1.1 | 0x10e2 | Standard query (0) | accounts.youtube.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:11.952651024 CEST | 192.168.2.4 | 1.1.1.1 | 0x57fe | Standard query (0) | accounts.youtube.com | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:13.436162949 CEST | 192.168.2.4 | 1.1.1.1 | 0x7a22 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:13.437390089 CEST | 192.168.2.4 | 1.1.1.1 | 0xdbc6 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Oct 3, 2024 23:17:15.871637106 CEST | 192.168.2.4 | 1.1.1.1 | 0x4582 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:17:15.871783972 CEST | 192.168.2.4 | 1.1.1.1 | 0xff33 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 23:16:02.413579941 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e94 | No error (0) | youtube.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:02.414557934 CEST | 1.1.1.1 | 192.168.2.4 | 0x77cd | No error (0) | youtube.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 172.217.18.110 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.635899067 CEST | 1.1.1.1 | 192.168.2.4 | 0xed8c | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:03.638290882 CEST | 1.1.1.1 | 192.168.2.4 | 0xd997 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 23:16:03.638290882 CEST | 1.1.1.1 | 192.168.2.4 | 0xd997 | No error (0) | youtube-ui.l.google.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:06.813276052 CEST | 1.1.1.1 | 192.168.2.4 | 0x92b4 | No error (0) | www.google.com | | 142.250.186.132 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:06.813935995 CEST | 1.1.1.1 | 192.168.2.4 | 0xe97 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Oct 3, 2024 23:16:11.959336996 CEST | 1.1.1.1 | 192.168.2.4 | 0x57fe | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 23:16:11.959436893 CEST | 1.1.1.1 | 192.168.2.4 | 0x10e2 | No error (0) | accounts.youtube.com | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 3, 2024 23:16:11.959436893 CEST | 1.1.1.1 | 192.168.2.4 | 0x10e2 | No error (0) | www3.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:16:13.443195105 CEST | 1.1.1.1 | 192.168.2.4 | 0x7a22 | No error (0) | play.google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 23:17:15.878567934 CEST | 1.1.1.1 | 192.168.2.4 | 0x4582 | No error (0) | play.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
                                                        • youtube.com
                                                        • www.youtube.com
                                                        • fs.microsoft.com
                                                        • https:
                                                          • accounts.youtube.com
                                                          • play.google.com
                                                          • www.google.com
                                                        • slscr.update.microsoft.com
                                                        • otelrules.azureedge.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 142.250.186.174 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 21:16:03 UTC | 851 | OUT | GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
                                                        Host: youtube.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: document
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
2024-10-03 21:16:03 UTC | 1704 | IN | HTTP/1.1 301 Moved Permanently
                                                        Content-Type: application/binary
                                                        X-Content-Type-Options: nosniff
                                                        Expires: Thu, 03 Oct 2024 21:16:03 GMT
                                                        Date: Thu, 03 Oct 2024 21:16:03 GMT
                                                        Cache-Control: private, max-age=31536000
                                                        Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                                        X-Frame-Options: SAMEORIGIN
                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                        Content-Security-Policy: require-trusted-types-for 'script'
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49736 | 142.250.185.174 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 21:16:04 UTC | 869 | OUT | GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                                                        Host: www.youtube.com
                                                        Connection: keep-alive
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: document
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
2024-10-03 21:16:04 UTC | 2656 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        X-Content-Type-Options: nosniff
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 03 Oct 2024 21:16:04 GMT
                                                        Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                                                        Strict-Transport-Security: max-age=31536000
                                                        X-Frame-Options: SAMEORIGIN
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
                                                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                        P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Thu, 03-Oct-2024 21:46:04 GMT; Path=/; Secure; HttpOnly
                                                        Set-Cookie: YSC=zPOKYEy5c8w; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Set-Cookie: VISITOR_INFO1_LIVE=bjD3-1kyhk8; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 21:16:04 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgZQ%3D%3D; Domain=.youtube.com; Expires=Tue, 01-Apr-2025 21:16:04 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 21:16:07 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        Accept-Encoding: identity
                                                        User-Agent: Microsoft BITS/7.8
                                                        Host: fs.microsoft.com
2024-10-03 21:16:07 UTC | 467 | IN | HTTP/1.1 200 OK
                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                        Content-Type: application/octet-stream
                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                        Server: ECAcc (lpl/EF70)
                                                        X-CID: 11
                                                        X-Ms-ApiVersion: Distribute 1.2
                                                        X-Ms-Region: prod-neu-z1
                                                        Cache-Control: public, max-age=242946
                                                        Date: Thu, 03 Oct 2024 21:16:07 GMT
                                                        Connection: close
                                                        X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49745 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-03 21:16:08 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        Accept-Encoding: identity
                                                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                        Range: bytes=0-2147483646
                                                        User-Agent: Microsoft BITS/7.8
                                                        Host: fs.microsoft.com
2024-10-03 21:16:09 UTC | 515 | IN | HTTP/1.1 200 OK
                                                        ApiVersion: Distribute 1.1
                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                        Content-Type: application/octet-stream
                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                        Server: ECAcc (lpl/EF06)
                                                        X-CID: 11
                                                        X-Ms-ApiVersion: Distribute 1.2
                                                        X-Ms-Region: prod-weu-z1
                                                        Cache-Control: public, max-age=243019
                                                        Date: Thu, 03 Oct 2024 21:16:09 GMT
                                                        Content-Length: 55
                                                        Connection: close
                                                        X-CID: 2
2024-10-03 21:16:09 UTC | 55 | IN
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49757 | 142.250.184.238 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 21:16:12 UTC | 1237 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1617021717&timestamp=1727990170581 HTTP/1.1
                                                        Host: accounts.youtube.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-arch: "x86"
                                                        sec-ch-ua-platform: "Windows"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: cross-site
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: iframe
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
2024-10-03 21:16:12 UTC | 1969 | IN | HTTP/1.1 200 OK
                                                        Content-Type: text/html; charset=utf-8
                                                        X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                        Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                        Content-Security-Policy: script-src 'report-sample' 'nonce--Nk0wZ9N_-pwmglck2Oi5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Thu, 03 Oct 2024 21:16:12 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmJw1pBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh2PO5D_b2QQ6Zi7qZFbSS8ovjM9MSc0rySypTMnPTczMS87Pz85MLS5OLSpLLYo3MjAyMbA0stQzsIgvMAAAu8ws4g"
                                                        Server: ESF
                                                        X-XSS-Protection: 0
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.4 | 49760 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:14 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Access-Control-Request-Method: POST
                                                        Access-Control-Request-Headers: x-goog-authuser
                                                        Origin: https://accounts.google.com
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-03 21:16:14 UTC | 520 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                        Access-Control-Max-Age: 86400
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:14 GMT
                                                        Server: Playlog
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.4 | 49761 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:14 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Accept: */*
                                                        Access-Control-Request-Method: POST
                                                        Access-Control-Request-Headers: x-goog-authuser
                                                        Origin: https://accounts.google.com
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-03 21:16:14 UTC | 520 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                        Access-Control-Max-Age: 86400
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:14 GMT
                                                        Server: Playlog
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.4 | 49764 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:15 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 519
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-03 21:16:15 UTC | 519 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990171944",null,null,null
                                                        2024-10-03 21:16:15 UTC | 933 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=n4hOYc_7wd3uCx8bad6KZBKr7akkG5B_GOgLEoI-9d4MxKUZihIHQhRHA69Rkt5rMijc-l8sEi0aDvhZ5es-jj7R26008tScVwT__cHpYlN1hjCLwuK_93xQq5NHyOL3zojDot7P0g20pkotiG45VGDCbX2-8WqTN3LPIRFgaX9u5a10pHE; expires=Fri, 04-Apr-2025 21:16:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:15 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Thu, 03 Oct 2024 21:16:15 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:15 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:15 UTC | 5 | IN | Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.4 | 49765 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:15 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 505
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-10-03 21:16:15 UTC | 505 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990172063",null,null,null
                                                        2024-10-03 21:16:15 UTC | 933 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=effH-MAavmEajXTNwQaVj84GSpcQHl-UyvhuEud0447UNarlXm5Z_48zC9k_-bJc4fs595mLDvX_qTuLEyDMBjNrL4jwDS9Bzf0gOiQYSazZs_xVqUl3U0g7q2svakZ-JTan0KwfWPNXMEzRRml96pic5gGAj8Li5VAOkjFgYUZ7yPdDl2A; expires=Fri, 04-Apr-2025 21:16:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:15 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Thu, 03 Oct 2024 21:16:15 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:15 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.4 | 49741 | 142.250.186.132 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:15 UTC | 1214 | OUT | GET /favicon.ico HTTP/1.1
                                                        Host: www.google.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: image
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=effH-MAavmEajXTNwQaVj84GSpcQHl-UyvhuEud0447UNarlXm5Z_48zC9k_-bJc4fs595mLDvX_qTuLEyDMBjNrL4jwDS9Bzf0gOiQYSazZs_xVqUl3U0g7q2svakZ-JTan0KwfWPNXMEzRRml96pic5gGAj8Li5VAOkjFgYUZ7yPdDl2A
                                                        2024-10-03 21:16:16 UTC | 705 | IN | HTTP/1.1 200 OK
                                                        Accept-Ranges: bytes
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                        Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                        Content-Length: 5430
                                                        X-Content-Type-Options: nosniff
                                                        Server: sffe
                                                        X-XSS-Protection: 0
                                                        Date: Thu, 03 Oct 2024 20:24:49 GMT
                                                        Expires: Fri, 11 Oct 2024 20:24:49 GMT
                                                        Cache-Control: public, max-age=691200
                                                        Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                        Content-Type: image/x-icon
                                                        Vary: Accept-Encoding
                                                        Age: 3086
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.4 | 49767 | 4.175.87.197 | 443 | |
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:16 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1bfgFNpEhAmKPVg&MD=tNSnbSPb HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                        Host: slscr.update.microsoft.com
                                                        2024-10-03 21:16:16 UTC | 560 | IN | HTTP/1.1 200 OK
                                                        Cache-Control: no-cache
                                                        Pragma: no-cache
                                                        Content-Type: application/octet-stream
                                                        Expires: -1
                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                        MS-CorrelationId: f0bb4727-972b-42cd-980d-d754a6d84ebb
                                                        MS-RequestId: 1913e84a-c0b7-48e9-9de2-27a35f0d41e9
                                                        MS-CV: oW9uMxhOH0G8tSeZ.0
                                                        X-Microsoft-SLSClientCache: 2880
                                                        Content-Disposition: attachment; filename=environment.cab
                                                        X-Content-Type-Options: nosniff
                                                        Date: Thu, 03 Oct 2024 21:16:15 GMT
                                                        Connection: close
                                                        Content-Length: 24490


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.2.4 | 49779 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:21 UTC | 1299 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1221
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: text/plain;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=effH-MAavmEajXTNwQaVj84GSpcQHl-UyvhuEud0447UNarlXm5Z_48zC9k_-bJc4fs595mLDvX_qTuLEyDMBjNrL4jwDS9Bzf0gOiQYSazZs_xVqUl3U0g7q2svakZ-JTan0KwfWPNXMEzRRml96pic5gGAj8Li5VAOkjFgYUZ7yPdDl2A
                                                        2024-10-03 21:16:21 UTC1221OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 37 39 39 30 31 36 39 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1727990169000",null,null,null,
                                                        2024-10-03 21:16:21 UTC | 941 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Set-Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s; expires=Fri, 04-Apr-2025 21:16:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:21 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Expires: Thu, 03 Oct 2024 21:16:21 GMT
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:21 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        12 | 192.168.2.4 | 55095 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:44 UTC | 1330 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1230
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s
                                                        2024-10-03 21:16:44 UTC1230OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 39 39 30 32 30 32 35 39 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990202596",null,null,null
                                                        2024-10-03 21:16:44 UTC | 523 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:44 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:44 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        13 | 192.168.2.4 | 55096 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:45 UTC | 1289 | OUT | POST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 892
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        Content-Type: text/plain;charset=UTF-8
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s
                                                        2024-10-03 21:16:45 UTC | 892 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
                                                        2024-10-03 21:16:45 UTC | 523 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:45 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:45 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        14 | 192.168.2.4 | 55097 | 142.250.185.142 | 443 | 7936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:46 UTC | 1330 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1301
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s
                                                        2024-10-03 21:16:46 UTC | 1301 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990204489",null,null,null
                                                        2024-10-03 21:16:46 UTC | 523 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:16:46 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:16:46 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:16:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        15 | 192.168.2.4 | 55098 | 4.175.87.197 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1bfgFNpEhAmKPVg&MD=tNSnbSPb HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept: */*
                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                        Host: slscr.update.microsoft.com
                                                        2024-10-03 21:16:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                        Cache-Control: no-cache
                                                        Pragma: no-cache
                                                        Content-Type: application/octet-stream
                                                        Expires: -1
                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                        MS-CorrelationId: 5afe2768-a703-48fd-8a49-1ebd88b249aa
                                                        MS-RequestId: 5602353b-bb83-4349-a162-62905814a777
                                                        MS-CV: aHBkncAHcEaJaPlO.0
                                                        X-Microsoft-SLSClientCache: 1440
                                                        Content-Disposition: attachment; filename=environment.cab
                                                        X-Content-Type-Options: nosniff
                                                        Date: Thu, 03 Oct 2024 21:16:55 GMT
                                                        Connection: close
                                                        Content-Length: 30005


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        16 | 192.168.2.4 | 55099 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:56 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:56 UTC | 540 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:56 GMT
                                                        Content-Type: text/plain
                                                        Content-Length: 218853
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public
                                                        Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                                                        ETag: "0x8DCE1521DF74B57"
                                                        x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211656Z-15767c5fc55gq5fmm10nm5qqr80000000bp000000000feeh
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        17 | 192.168.2.4 | 55101 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:57 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:57 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:57 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2980
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                        ETag: "0x8DC582BA80D96A1"
                                                        x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211657Z-15767c5fc55ncqdn59ub6rndq00000000b7g00000000dgwd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:57 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        18          192.168.2.4  55100        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:57 UTC  193                OUT        GET /rules/rule120402v21s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:57 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:57 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 3788
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                        ETag: "0x8DC582BAC2126A6"
                                                        x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211657Z-15767c5fc55fdfx81a30vtr1fw0000000bt000000000x8qd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:57 UTC  3788               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        19          192.168.2.4  55102        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:57 UTC  192                OUT        GET /rules/rule224902v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:57 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:57 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 450
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                        ETag: "0x8DC582BD4C869AE"
                                                        x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211657Z-15767c5fc552g4w83buhsr3htc0000000bq0000000000zvw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:57 UTC  450                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        20          192.168.2.4  55104        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:57 UTC  192                OUT        GET /rules/rule120609v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:57 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:57 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 408
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB56D3AFB"
                                                        x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211657Z-15767c5fc55qdcd62bsn50hd6s0000000beg000000002fub
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:57 UTC  408                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        21          192.168.2.4  55103        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:57 UTC  192                OUT        GET /rules/rule120608v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:57 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:57 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2160
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA3B95D81"
                                                        x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211657Z-15767c5fc55dtdv4d4saq7t47n0000000bd0000000006ubh
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:57 UTC  2160               IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        22          192.168.2.4  55105        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120610v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:58 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                        ETag: "0x8DC582B9964B277"
                                                        x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55gs96cphvgp5f5vc0000000bm00000000009bz
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:58 UTC  474                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        23          192.168.2.4  55106        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120611v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:58 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                        ETag: "0x8DC582B9F6F3512"
                                                        x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55sdcjq8ksxt4n9mc00000000zg000000001ucb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:58 UTC  415                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        24          192.168.2.4  55109        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120614v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:58 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 467
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                        ETag: "0x8DC582BA6C038BC"
                                                        x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55fdfx81a30vtr1fw0000000c0g000000000d26
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:58 UTC  467                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        25          192.168.2.4  55108        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120612v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:58 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                        ETag: "0x8DC582BB10C598B"
                                                        x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55gs96cphvgp5f5vc0000000bhg000000004uuk
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:58 UTC  471                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        26          192.168.2.4  55107        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120613v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:58 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 632
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB6E3779E"
                                                        x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55qkvj6n60pxm9mbw00000000ng00000000pymu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:58 UTC  632                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        27          192.168.2.4  55110        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:16:58 UTC  192                OUT        GET /rules/rule120615v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC  491                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                        ETag: "0x8DC582BBAD04B7B"
                                                        x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc554w2fgapsyvy8ua00000000b0g00000000kwmb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC  407                IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        28 | 192.168.2.4 | 55111 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:58 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB344914B"
                                                        x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55gs96cphvgp5f5vc0000000bbg00000000vhrh
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 486 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        29 | 192.168.2.4 | 55112 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:58 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                        ETag: "0x8DC582BA310DA18"
                                                        x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55w69c2zvnrz0gmgw0000000bx00000000011k6
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 427 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        30 | 192.168.2.4 | 55113 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:58 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:58 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                        ETag: "0x8DC582B9018290B"
                                                        x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211658Z-15767c5fc55dtdv4d4saq7t47n0000000bb000000000d5yy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 486 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        31 | 192.168.2.4 | 55114 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                        ETag: "0x8DC582B9698189B"
                                                        x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55rv8zjq9dg0musxg0000000bmg000000008527
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 407 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        32 | 192.168.2.4 | 55116 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120622v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                        ETag: "0x8DC582BB8CEAC16"
                                                        x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55kg97hfq5uqyxxaw0000000bq0000000000yc0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 477 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        33 | 192.168.2.4 | 55117 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120621v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA41997E3"
                                                        x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55jdxmppy6cmd24bn00000003r000000000pc54
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        34 | 192.168.2.4 | 55115 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 469
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA701121"
                                                        x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55fdfx81a30vtr1fw0000000bvg00000000m8ss
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 469 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        35 | 192.168.2.4 | 55118 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 464
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                        ETag: "0x8DC582B97FB6C3C"
                                                        x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55tsfp92w7yna557w0000000bp0000000004a5p
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 464 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        36 | 192.168.2.4 | 55119 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:16:59 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:16:59 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:16:59 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 494
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB7010D66"
                                                        x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211659Z-15767c5fc55sdcjq8ksxt4n9mc00000000u000000000q8ex
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:16:59 UTC | 494 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        37 | 192.168.2.4 | 55123 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:00 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:00 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                        ETag: "0x8DC582B9C8E04C8"
                                                        x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211700Z-15767c5fc55gs96cphvgp5f5vc0000000bm00000000009gv
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:00 UTC | 468 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        38  192.168.2.4  55121  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:00 UTC  192  OUT  GET /rules/rule120626v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:00 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:00 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                        ETag: "0x8DC582B9DACDF62"
                                                        x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211700Z-15767c5fc55qkvj6n60pxm9mbw00000000qg00000000fhk3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:00 UTC  472  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        39  192.168.2.4  55120  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:00 UTC  192  OUT  GET /rules/rule120625v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:00 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:00 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                        ETag: "0x8DC582B9748630E"
                                                        x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211700Z-15767c5fc55fdfx81a30vtr1fw0000000by00000000096yc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:00 UTC  419  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        40  192.168.2.4  55122  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:00 UTC  192  OUT  GET /rules/rule120627v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:00 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:00 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 404
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                        ETag: "0x8DC582B9E8EE0F3"
                                                        x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211700Z-15767c5fc554l9xf959gp9cb1s00000005ug000000002zmc
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:00 UTC  404  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        41  192.168.2.4  55124  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:00 UTC  192  OUT  GET /rules/rule120629v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:00 UTC  491  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:00 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 428
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                        ETag: "0x8DC582BAC4F34CA"
                                                        x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211700Z-15767c5fc55whfstvfw43u8fp40000000br000000000azac
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:00 UTC  428  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        42  192.168.2.4  55126  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120631v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:01 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:01 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B988EBD12"
                                                        x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211701Z-15767c5fc55d6fcl6x6bw8cpdc0000000bbg00000000vbbg
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:01 UTC  415  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        43  192.168.2.4  55127  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120632v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:01 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:01 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB5815C4C"
                                                        x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211701Z-15767c5fc55852fxfeh7csa2dn0000000bk0000000003enw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:01 UTC  471  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        44  192.168.2.4  55125  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120630v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:01 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:01 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 499
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                        ETag: "0x8DC582B98CEC9F6"
                                                        x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211701Z-15767c5fc55rg5b7sh1vuv8t7n0000000c0g000000000dt0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:01 UTC  499  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        45  192.168.2.4  55128  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120633v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:01 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:01 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB32BB5CB"
                                                        x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211701Z-15767c5fc55tsfp92w7yna557w0000000bkg00000000chh2
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:01 UTC  419  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        46  192.168.2.4  55129  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120634v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:01 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:01 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 494
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                        ETag: "0x8DC582BB8972972"
                                                        x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211701Z-15767c5fc55whfstvfw43u8fp40000000bqg00000000cfz4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:01 UTC  494  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        47  192.168.2.4  55130  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:01 UTC  192  OUT  GET /rules/rule120636v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC  470  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                        ETag: "0x8DC582B9D43097E"
                                                        x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55fdfx81a30vtr1fw0000000bx000000000df9s
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC  472  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        48 | 192.168.2.4 | 55131 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 420
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                        ETag: "0x8DC582B9DAE3EC0"
                                                        x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55xsgnlxyxy40f4m00000000bfg00000000b57q
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 420 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        49 | 192.168.2.4 | 55132 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120637v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                        ETag: "0x8DC582BA909FA21"
                                                        x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55n4msds84xh4z67w00000005bg000000001xha
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        50 | 192.168.2.4 | 55133 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120638v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 486
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                        ETag: "0x8DC582B92FCB436"
                                                        x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55w69c2zvnrz0gmgw0000000bx00000000011ud
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        51 | 192.168.2.4 | 55134 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120639v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 423
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                        ETag: "0x8DC582BB7564CE8"
                                                        x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc552g4w83buhsr3htc0000000bmg000000009gqw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 423 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        52 | 192.168.2.4 | 55135 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 404
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                        ETag: "0x8DC582B95C61A3C"
                                                        x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55n4msds84xh4z67w000000055g00000000t4k2
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        53 | 192.168.2.4 | 55138 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                        ETag: "0x8DC582BB046B576"
                                                        x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55n4msds84xh4z67w000000059g000000008yye
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        54 | 192.168.2.4 | 55136 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120640v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 478
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                        ETag: "0x8DC582B9B233827"
                                                        x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55ncqdn59ub6rndq00000000b5000000000r3d5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:02 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        55 | 192.168.2.4 | 55139 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 400
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                        ETag: "0x8DC582BB2D62837"
                                                        x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc55dtdv4d4saq7t47n0000000bd0000000006ugs
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        56 | 192.168.2.4 | 55140 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:02 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:02 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 479
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                        ETag: "0x8DC582BB7D702D0"
                                                        x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211702Z-15767c5fc5546rn6ch9zv310e000000004k000000000ayk5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        57 | 192.168.2.4 | 55141 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:03 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:03 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 425
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                        ETag: "0x8DC582BBA25094F"
                                                        x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211703Z-15767c5fc5546rn6ch9zv310e000000004gg00000000fcbb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        58 | 192.168.2.4 | 55145 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:03 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC470INHTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:03 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 416
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                        ETag: "0x8DC582BAEA4B445"
                                                        x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211703Z-15767c5fc5546rn6ch9zv310e000000004kg0000000083xd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 416 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        59 | 192.168.2.4 | 55142 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:03 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:03 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 475
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                        ETag: "0x8DC582BB2BE84FD"
                                                        x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211703Z-15767c5fc55v7j95gq2uzq37a00000000bvg000000005vht
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 475 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        60 | 192.168.2.4 | 55143 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:03 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:03 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 448
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                        ETag: "0x8DC582BB389F49B"
                                                        x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211703Z-15767c5fc55v7j95gq2uzq37a00000000bv0000000007gev
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 448 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        61 | 192.168.2.4 | 55144 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:03 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:03 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 491
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B98B88612"
                                                        x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211703Z-15767c5fc55w69c2zvnrz0gmgw0000000bsg00000000g7nb
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:03 UTC | 491 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        62 | 192.168.2.4 | 55147 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:04 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:04 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 415
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                        ETag: "0x8DC582BA80D96A1"
                                                        x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211704Z-15767c5fc55rv8zjq9dg0musxg0000000bn0000000007mv4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:04 UTC | 415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        63 | 192.168.2.4 | 55146 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:04 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:04 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 479
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B989EE75B"
                                                        x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211704Z-15767c5fc554wklc0x4mc5pq0w0000000bv000000000n5vf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:04 UTC | 479 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        64 | 192.168.2.4 | 55148 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:04 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:04 UTC | 491 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:04 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 471
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                        ETag: "0x8DC582B97E6FCDD"
                                                        x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211704Z-15767c5fc55sdcjq8ksxt4n9mc00000000y00000000073vw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:04 UTC | 471 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        65 | 192.168.2.4 | 55150 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:04 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:04 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                        ETag: "0x8DC582BA54DCC28"
                                                        x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211704Z-15767c5fc55rv8zjq9dg0musxg0000000bf000000000sf67
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:04 UTC | 477 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        66 | 192.168.2.4 | 55151 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120655v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                        ETag: "0x8DC582BB7F164C3"
                                                        x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc554w2fgapsyvy8ua00000000b5000000000419k
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 419 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        67 | 192.168.2.4 | 55152 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120656v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 477
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                        ETag: "0x8DC582BA48B5BDD"
                                                        x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55tsfp92w7yna557w0000000bkg00000000chpp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 477 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        68 | 192.168.2.4 | 55153 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                        ETag: "0x8DC582B9FF95F80"
                                                        x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55n4msds84xh4z67w00000005ag0000000065tu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 419 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        69 | 192.168.2.4 | 55149 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                        ETag: "0x8DC582B9C710B28"
                                                        x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55jdxmppy6cmd24bn00000003xg00000000062p
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 419 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        70 | 192.168.2.4 | 55154 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120658v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                        ETag: "0x8DC582BB650C2EC"
                                                        x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55rg5b7sh1vuv8t7n0000000c00000000001vq3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 472 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        71 | 192.168.2.4 | 55155 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120659v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:05 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3EAF226"
                                                        x-ms-request-id: cce0beff-001e-0082-398c-155880000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc5546rn6ch9zv310e000000004mg000000004v3g
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:05 UTC | 468 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        72 | 192.168.2.4 | 55156 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 491 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 485
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                        ETag: "0x8DC582BB9769355"
                                                        x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55kg97hfq5uqyxxaw0000000bm0000000009gyq
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 485 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        73 | 192.168.2.4 | 55157 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 411
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B989AF051"
                                                        x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc55v7j95gq2uzq37a00000000bwg00000000256r
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 411 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        74 | 192.168.2.4 | 55158 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:05 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:05 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 470
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                        ETag: "0x8DC582BBB181F65"
                                                        x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211705Z-15767c5fc5546rn6ch9zv310e000000004dg00000000vrw3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 470 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        75 | 192.168.2.4 | 55159 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:06 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 491 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                        ETag: "0x8DC582BB556A907"
                                                        x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc55qkvj6n60pxm9mbw00000000tg000000005m6h
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 427 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        76 | 192.168.2.4 | 55160 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:06 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 491 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 502
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                        ETag: "0x8DC582BB6A0D312"
                                                        x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc55gs96cphvgp5f5vc0000000bdg00000000mc48
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 502 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        77 | 192.168.2.4 | 55162 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:06 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3F48DAE"
                                                        x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc55ncqdn59ub6rndq00000000b6000000000mphr
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC | 474 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        78          192.168.2.4  55161        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:06 UTC  192                OUT        GET /rules/rule120665v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 407
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                        ETag: "0x8DC582B9D30478D"
                                                        x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc552g4w83buhsr3htc0000000beg00000000w4b5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC  407                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        79          192.168.2.4  55163        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:06 UTC  192                OUT        GET /rules/rule120667v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 408
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                        ETag: "0x8DC582BB9B6040B"
                                                        x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc55rv8zjq9dg0musxg0000000bp00000000041x0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC  408                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        80          192.168.2.4  55164        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:06 UTC  192                OUT        GET /rules/rule120668v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:06 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:06 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 469
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                        ETag: "0x8DC582BB3CAEBB8"
                                                        x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211706Z-15767c5fc55dtdv4d4saq7t47n0000000bag00000000ewv4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:06 UTC  469                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        81          192.168.2.4  55166        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:07 UTC  192                OUT        GET /rules/rule120670v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:07 UTC  491                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:07 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                        ETag: "0x8DC582B91EAD002"
                                                        x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211707Z-15767c5fc552g4w83buhsr3htc0000000bhg00000000gkfh
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:07 UTC  472                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        82          192.168.2.4  55167        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:07 UTC  192                OUT        GET /rules/rule120671v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:07 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:07 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 432
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                        ETag: "0x8DC582BAABA2A10"
                                                        x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211707Z-15767c5fc55qkvj6n60pxm9mbw00000000sg000000008rcf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:07 UTC  432                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        83          192.168.2.4  55165        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:07 UTC  192                OUT        GET /rules/rule120669v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:07 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:07 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 416
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                        ETag: "0x8DC582BB5284CCE"
                                                        x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211707Z-15767c5fc55fdfx81a30vtr1fw0000000bxg00000000agg5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:07 UTC  416                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        84          192.168.2.4  55168        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:07 UTC  192                OUT        GET /rules/rule120672v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:07 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:07 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 475
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA740822"
                                                        x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211707Z-15767c5fc55gq5fmm10nm5qqr80000000bsg000000004hce
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:07 UTC  475                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        85          192.168.2.4  55170        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:07 UTC  192                OUT        GET /rules/rule120673v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:07 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:07 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 427
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                        ETag: "0x8DC582BB464F255"
                                                        x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211707Z-15767c5fc55lghvzbxktxfqntw0000000b9000000000b2r3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:07 UTC  427                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        86          192.168.2.4  55171        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:08 UTC  192                OUT        GET /rules/rule120674v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:08 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:08 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 474
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                        ETag: "0x8DC582BA4037B0D"
                                                        x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211708Z-15767c5fc55whfstvfw43u8fp40000000bk000000000ypa0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:08 UTC  474                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        87          192.168.2.4  55172        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:08 UTC  192                OUT        GET /rules/rule120675v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:08 UTC  470                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:08 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 419
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                        ETag: "0x8DC582BA6CF78C8"
                                                        x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211708Z-15767c5fc55472x4k7dmphmadg0000000b7g00000000da8n
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:08 UTC  419                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        88 | 192.168.2.4 | 55174 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:08 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:08 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 405
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                        ETag: "0x8DC582B942B6AFF"
                                                        x-ms-request-id: d59d44fd-601e-003e-698c-153248000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211708Z-15767c5fc55kg97hfq5uqyxxaw0000000beg00000000uabx
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:08 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        89 | 192.168.2.4 | 55173 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:08 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:08 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 472
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                        ETag: "0x8DC582B984BF177"
                                                        x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211708Z-15767c5fc55lghvzbxktxfqntw0000000bbg0000000033p2
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:08 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        90 | 192.168.2.4 | 55175 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:08 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:08 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 468
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                        ETag: "0x8DC582BBA642BF4"
                                                        x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211708Z-15767c5fc55sdcjq8ksxt4n9mc00000000sg00000000vquq
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:08 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        91 | 192.168.2.4 | 55177 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1952
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                        ETag: "0x8DC582B956B0F3D"
                                                        x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55qdcd62bsn50hd6s0000000bdg000000005rdd
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        92 | 192.168.2.4 | 55176 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 491 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 174
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                        ETag: "0x8DC582B91D80E15"
                                                        x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55sdcjq8ksxt4n9mc00000000w000000000eetx
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        93 | 192.168.2.4 | 55178 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 958
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                        ETag: "0x8DC582BA0A31B3B"
                                                        x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55852fxfeh7csa2dn0000000bfg00000000c3m9
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        94 | 192.168.2.4 | 55179 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 501
                                                        Connection: close
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                        ETag: "0x8DC582BACFDAACD"
                                                        x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55lghvzbxktxfqntw0000000ba0000000007xva
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 501 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        95 | 192.168.2.4 | 55180 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2592
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                        ETag: "0x8DC582BB5B890DB"
                                                        x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55whfstvfw43u8fp40000000bt0000000003pg2
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 2592 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        96 | 192.168.2.4 | 55182 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 2284
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                        ETag: "0x8DC582BCD58BEEE"
                                                        x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc554w2fgapsyvy8ua00000000az000000000s546
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 2284 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        97 | 192.168.2.4 | 55181 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 3342
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                        ETag: "0x8DC582B927E47E9"
                                                        x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55472x4k7dmphmadg0000000b90000000008h4n
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 3342 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        98 | 192.168.2.4 | 55183 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule701201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1393
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                        ETag: "0x8DC582BE3E55B6E"
                                                        x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55dtdv4d4saq7t47n0000000bc0000000009n4b
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        99 | 192.168.2.4 | 55184 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1356
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDC681E17"
                                                        x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55kg97hfq5uqyxxaw0000000bng000000005f8w
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        100 | 192.168.2.4 | 55185 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:09 UTC | 192 | OUT | GET /rules/rule700201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:09 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:09 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1393
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                        ETag: "0x8DC582BE39DFC9B"
                                                        x-ms-request-id: 7afec079-601e-000d-468c-152618000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211709Z-15767c5fc55dtdv4d4saq7t47n0000000bb000000000d6ug
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:09 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        101 | 192.168.2.4 | 55186 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:10 UTC | 192 | OUT | GET /rules/rule700200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:10 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1356
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF66E42D"
                                                        x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211710Z-15767c5fc55dtdv4d4saq7t47n0000000bdg000000005fuw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:10 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        102 | 192.168.2.4 | 55187 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:10 UTC | 192 | OUT | GET /rules/rule702351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:10 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1395
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BE017CAD3"
                                                        x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211710Z-15767c5fc554l9xf959gp9cb1s00000005rg00000000cg4x
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:10 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        103 | 192.168.2.4 | 55190 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:10 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:10 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1358
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BE022ECC5"
                                                        x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211710Z-15767c5fc55qkvj6n60pxm9mbw00000000ng00000000pz9a
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:10 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        104 | 192.168.2.4 | 55189 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:10 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:10 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1395
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                        ETag: "0x8DC582BDE12A98D"
                                                        x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211710Z-15767c5fc55fdfx81a30vtr1fw0000000bw000000000h062
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:10 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        105 | 192.168.2.4 | 55188 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:10 UTC | 192 | OUT | GET /rules/rule702350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:10 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:10 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1358
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                        ETag: "0x8DC582BE6431446"
                                                        x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211710Z-15767c5fc55fdfx81a30vtr1fw0000000byg000000007w2a
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:10 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        106 | 192.168.2.4 | 55192 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:11 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:11 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:11 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1389
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE10A6BC1"
                                                        x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211711Z-15767c5fc55ncqdn59ub6rndq00000000b8g00000000b1br
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:11 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        107         192.168.2.4  55191        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:11 UTC  192                OUT        GET /rules/rule700050v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:11 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:11 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1352
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                        ETag: "0x8DC582BE9DEEE28"
                                                        x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211711Z-15767c5fc55gq5fmm10nm5qqr80000000bt0000000002h0a
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:11 UTC  1352               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        108         192.168.2.4  55195        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:11 UTC  192                OUT        GET /rules/rule701151v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:11 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:11 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1401
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                        ETag: "0x8DC582BE055B528"
                                                        x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211711Z-15767c5fc55fdfx81a30vtr1fw0000000by00000000097t4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:11 UTC  1401               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        109         192.168.2.4  55194        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:11 UTC  192                OUT        GET /rules/rule702950v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:11 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:11 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1368
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDDC22447"
                                                        x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211711Z-15767c5fc55sdcjq8ksxt4n9mc00000000vg00000000h1n9
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:11 UTC  1368               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        110         192.168.2.4  55193        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:11 UTC  192                OUT        GET /rules/rule702951v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:11 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:11 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1405
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE12B5C71"
                                                        x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211711Z-15767c5fc554l9xf959gp9cb1s00000005tg00000000678r
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:11 UTC  1405               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        111         192.168.2.4  55198        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule702201v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:12 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                        ETag: "0x8DC582BE7262739"
                                                        x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55gs96cphvgp5f5vc0000000be000000000hz2c
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:12 UTC  1397               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        112         192.168.2.4  55197        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule701150v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:12 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1364
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE1223606"
                                                        x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc554wklc0x4mc5pq0w0000000byg0000000076f1
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:12 UTC  1364               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        113         192.168.2.4  55199        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule702200v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:12 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1360
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDDEB5124"
                                                        x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55gq5fmm10nm5qqr80000000bs0000000005s1c
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:12 UTC  1360               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        114         192.168.2.4  55200        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule700401v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:12 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDCB4853F"
                                                        x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55n4msds84xh4z67w000000057g00000000grbs
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:12 UTC  1403               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        115         192.168.2.4  55201        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule700400v2s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:12 UTC  563                IN         HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                        ETag: "0x8DC582BDB779FC3"
                                                        x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55w69c2zvnrz0gmgw0000000bvg000000006dru
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:12 UTC  1366               IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port
                                                        116         192.168.2.4  55202        13.107.246.45   443
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192                OUT        GET /rules/rule700351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                        ETag: "0x8DC582BDFD43C07"
                                                        x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc554l9xf959gp9cb1s00000005rg00000000cg77
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1397  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        117  192.168.2.4  55203  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192  OUT  GET /rules/rule700350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1360
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                        ETag: "0x8DC582BDD74D2EC"
                                                        x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55whfstvfw43u8fp40000000bs0000000006eb4
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1360  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        118  192.168.2.4  55204  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:12 UTC  192  OUT  GET /rules/rule703901v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:12 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1427
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE56F6873"
                                                        x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211712Z-15767c5fc55v7j95gq2uzq37a00000000btg00000000bnw3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1427  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        119  192.168.2.4  55205  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule703900v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1390
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                        ETag: "0x8DC582BE3002601"
                                                        x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55852fxfeh7csa2dn0000000bh000000000829d
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1390  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        120  192.168.2.4  55206  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule701501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1401
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                        ETag: "0x8DC582BE2A9D541"
                                                        x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc554l9xf959gp9cb1s00000005n000000000sqk1
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1401  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        121  192.168.2.4  55208  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule702801v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1391
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF58DC7E"
                                                        x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55rg5b7sh1vuv8t7n0000000bxg00000000b5eu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1391  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        122  192.168.2.4  55207  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule701500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1364
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB6AD293"
                                                        x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55dtdv4d4saq7t47n0000000beg0000000026f7
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1364  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        123  192.168.2.4  55210  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule703351v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                        ETag: "0x8DC582BDCDD6400"
                                                        x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55xsgnlxyxy40f4m00000000bk00000000031uw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1403  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        124  192.168.2.4  55211  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule703350v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:13 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                        ETag: "0x8DC582BDF1E2608"
                                                        x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55gs96cphvgp5f5vc0000000bbg00000000vke3
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:13 UTC  1366  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        125  192.168.2.4  55209  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:13 UTC  192  OUT  GET /rules/rule702800v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:13 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1354
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                        ETag: "0x8DC582BE0662D7C"
                                                        x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211713Z-15767c5fc55472x4k7dmphmadg0000000bb00000000028a9
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1354 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        126 | 192.168.2.4 | 55213 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:14 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:14 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                        ETag: "0x8DC582BDF497570"
                                                        x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211714Z-15767c5fc55tsfp92w7yna557w0000000beg00000000w0x0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1362 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        127 | 192.168.2.4 | 55212 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:14 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:14 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                        ETag: "0x8DC582BE8C605FF"
                                                        x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211714Z-15767c5fc55gq5fmm10nm5qqr80000000bp000000000ff7h
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1399 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        128 | 192.168.2.4 | 55215 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:14 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:14 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                        ETag: "0x8DC582BDC2EEE03"
                                                        x-ms-request-id: 89fd357a-501e-008f-758c-159054000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211714Z-15767c5fc55fdfx81a30vtr1fw0000000bxg00000000agvy
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1403 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        129 | 192.168.2.4 | 55217 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:14 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:14 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                        ETag: "0x8DC582BE1CC18CD"
                                                        x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211714Z-15767c5fc55qkvj6n60pxm9mbw00000000n000000000ne3h
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1399 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        130 | 192.168.2.4 | 55216 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:14 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:14 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:14 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                        ETag: "0x8DC582BEA414B16"
                                                        x-ms-request-id: a7582d38-101e-0028-528c-158f64000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211714Z-15767c5fc55gs96cphvgp5f5vc0000000bbg00000000vkfg
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:14 UTC | 1366 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        131 | 192.168.2.4 | 55219 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:15 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:15 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:15 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1403
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB866CDB"
                                                        x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211715Z-15767c5fc55852fxfeh7csa2dn0000000bg000000000a9cf
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:15 UTC | 1403 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        132 | 192.168.2.4 | 55218 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:15 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:15 UTC | 584 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:15 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                        ETag: "0x8DC582BEB256F43"
                                                        x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211715Z-15767c5fc55whfstvfw43u8fp40000000bpg00000000fqp2
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:15 UTC | 1362 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        133 | 192.168.2.4 | 55220 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:15 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:15 UTC | 584 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:15 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1366
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                        ETag: "0x8DC582BE5B7B174"
                                                        x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211715Z-15767c5fc55xsgnlxyxy40f4m00000000bkg000000001h1w
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:15 UTC | 1366 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        134 | 192.168.2.4 | 55221 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:15 UTC | 192 | OUT | GET /rules/rule702301v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:15 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:15 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1399
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                        ETag: "0x8DC582BE976026E"
                                                        x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211715Z-15767c5fc55rg5b7sh1vuv8t7n0000000bw000000000g8p5
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:15 UTC  1399  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        135  192.168.2.4  55222  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:15 UTC  192  OUT  GET /rules/rule702300v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:15 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:15 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1362
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                        ETag: "0x8DC582BDC13EFEF"
                                                        x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211715Z-15767c5fc55whfstvfw43u8fp40000000btg000000001dxw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:15 UTC  1362  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        136  192.168.2.4  55223  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  192  OUT  GET /rules/rule703401v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1425
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                        ETag: "0x8DC582BE6BD89A1"
                                                        x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55jdxmppy6cmd24bn00000003x0000000001u1y
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC  1425  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        137  192.168.2.4  55224  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  192  OUT  GET /rules/rule703400v0s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1388
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                        ETag: "0x8DC582BDBD9126E"
                                                        x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55qkvj6n60pxm9mbw00000000rg00000000bmty
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC  1388  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        138  192.168.2.4  55226  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  192  OUT  GET /rules/rule702500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1378
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                        ETag: "0x8DC582BDB813B3F"
                                                        x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55lghvzbxktxfqntw0000000b6g00000000p2zu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC  1378  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                        139  192.168.2.4  55225  13.107.246.45  443
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  192  OUT  GET /rules/rule702501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1415
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                        ETag: "0x8DC582BE7C66E85"
                                                        x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55gq5fmm10nm5qqr80000000bn000000000kzcu
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC  1415  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        140  192.168.2.4  55227  13.107.246.45  443  7936  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  192  OUT  GET /rules/rule700501v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC  563  IN  HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1405
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                        ETag: "0x8DC582BE89A8F82"
                                                        x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55d6fcl6x6bw8cpdc0000000bhg000000004ewp
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC  1405  IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        141  192.168.2.4  55228  142.250.186.78  443  7936  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  1330  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1625
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s
                                                        2024-10-03 21:17:16 UTC  1625  OUT
                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990234501",null,null,null
                                                        2024-10-03 21:17:16 UTC  523  IN  HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:17:16 UTC  137  IN
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:17:16 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                        142  192.168.2.4  55229  142.250.186.78  443  7936  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp  Bytes transferred  Direction  Data
                                                        2024-10-03 21:17:16 UTC  1330  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                        Host: play.google.com
                                                        Connection: keep-alive
                                                        Content-Length: 1347
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-arch: "x86"
                                                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                        sec-ch-ua-full-version: "117.0.5938.132"
                                                        sec-ch-ua-platform-version: "10.0.0"
                                                        X-Goog-AuthUser: 0
                                                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                        sec-ch-ua-bitness: "64"
                                                        sec-ch-ua-model: ""
                                                        sec-ch-ua-wow64: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: */*
                                                        Origin: https://accounts.google.com
                                                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                        Sec-Fetch-Site: same-site
                                                        Sec-Fetch-Mode: cors
                                                        Sec-Fetch-Dest: empty
                                                        Referer: https://accounts.google.com/
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Cookie: NID=518=h93JnhGHhbr3EFEcVbP33iRzGBGyGwNnTeKKgsDIvsOFjEJE59kJQ58rt1Dk81RxHjgSIAXPTMuaC3lLtNfA-WvCOOUlQXY4WbkIoBPloe3ba075UTXYUywU0CW9P2EKobVagI0W1iJ0rdhDzh4udms3ZONUy9B_YgWiGAUIJZw6ehWTDbLp51kOH2s
                                                        2024-10-03 21:17:16 UTC | 1347 | OUT
                                                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727990234549",null,null,null
                                                        2024-10-03 21:17:16 UTC | 523 | IN | HTTP/1.1 200 OK
                                                        Access-Control-Allow-Origin: https://accounts.google.com
                                                        Cross-Origin-Resource-Policy: cross-origin
                                                        Access-Control-Allow-Credentials: true
                                                        Access-Control-Allow-Headers: X-Playlog-Web
                                                        Content-Type: text/plain; charset=UTF-8
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Server: Playlog
                                                        Cache-Control: private
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Accept-Ranges: none
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        2024-10-03 21:17:16 UTC | 137 | IN
                                                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                        2024-10-03 21:17:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        143 | 192.168.2.4 | 55230 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:16 UTC | 192 | OUT | GET /rules/rule700500v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:16 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1368
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE51CE7B3"
                                                        x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc554w2fgapsyvy8ua00000000b3g000000008xfw
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:16 UTC | 1368 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        144 | 192.168.2.4 | 55231 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:16 UTC | 192 | OUT | GET /rules/rule702551v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:16 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1415
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                        ETag: "0x8DC582BDCE9703A"
                                                        x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211716Z-15767c5fc55n4msds84xh4z67w000000057g00000000grms
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1415 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        145 | 192.168.2.4 | 55232 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:16 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1378
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                        ETag: "0x8DC582BE584C214"
                                                        x-ms-request-id: b612907a-401e-008c-278c-1586c2000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211717Z-15767c5fc55rg5b7sh1vuv8t7n0000000c00000000001w73
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1378 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        146 | 192.168.2.4 | 55233 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:16 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1407
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                        ETag: "0x8DC582BE687B46A"
                                                        x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211717Z-15767c5fc55ncqdn59ub6rndq00000000bb00000000029qs
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1407 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        147 | 192.168.2.4 | 55234 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:17 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1370
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                        ETag: "0x8DC582BDE62E0AB"
                                                        x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211717Z-15767c5fc5546rn6ch9zv310e000000004kg0000000084f0
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1370 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        148 | 192.168.2.4 | 55235 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:17 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 584 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1397
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                        ETag: "0x8DC582BE156D2EE"
                                                        x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211717Z-15767c5fc55rg5b7sh1vuv8t7n0000000btg00000000sqw8
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        X-Cache-Info: L1_T2
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1397 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        149 | 192.168.2.4 | 55236 | 13.107.246.45 | 443
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-10-03 21:17:17 UTC | 192 | OUT | GET /rules/rule702150v1s19.xml HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Accept-Encoding: gzip
                                                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                        Host: otelrules.azureedge.net
                                                        2024-10-03 21:17:17 UTC | 563 | IN | HTTP/1.1 200 OK
                                                        Date: Thu, 03 Oct 2024 21:17:17 GMT
                                                        Content-Type: text/xml
                                                        Content-Length: 1360
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Vary: Accept-Encoding
                                                        Cache-Control: public, max-age=604800, immutable
                                                        Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                                        ETag: "0x8DC582BEDC8193E"
                                                        x-ms-request-id: e360128a-801e-0083-498c-15f0ae000000
                                                        x-ms-version: 2018-03-28
                                                        x-azure-ref: 20241003T211717Z-15767c5fc5546rn6ch9zv310e000000004g000000000hdwn
                                                        x-fd-int-roxy-purgeid: 0
                                                        X-Cache: TCP_HIT
                                                        Accept-Ranges: bytes
                                                        2024-10-03 21:17:17 UTC | 1360 | IN
                                                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">



                                                        Target ID:0
                                                        Start time:17:15:57
                                                        Start date:03/10/2024
                                                        Path:C:\Users\user\Desktop\file.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                        Imagebase:0x330000
                                                        File size:919'040 bytes
                                                        MD5 hash:0163B7A3440C77002573170F654D4B6B
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:false

                                                        Target ID:1
                                                        Start time:17:15:57
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM chrome.exe /T
                                                        Imagebase:0xd30000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:17:15:57
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:17:15:57
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM msedge.exe /T
                                                        Imagebase:0xd30000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:4
                                                        Start time:17:15:57
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM firefox.exe /T
                                                        Imagebase:0xd30000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:7
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM opera.exe /T
                                                        Imagebase:0xd30000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:9
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:taskkill /F /IM brave.exe /T
                                                        Imagebase:0xd30000
                                                        File size:74'240 bytes
                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:10
                                                        Start time:17:15:58
                                                        Start date:03/10/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:11
                                                        Start time:17:15:59
                                                        Start date:03/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:13
                                                        Start time:17:16:00
                                                        Start date:03/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:14
                                                        Start time:17:16:11
                                                        Start date:03/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        Target ID:15
                                                        Start time:17:16:12
                                                        Start date:03/10/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=2056,i,816563979153605487,13544301071999845567,262144 /prefetch:8
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true


                                                          Execution Graph

                                                          Execution Coverage:1.9%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:7.4%
                                                          Total number of Nodes:1500
                                                          Total number of Limit Nodes:49
94897->94901 94898 37f80f 94899->94898 94900 34fe0b 22 API calls 94899->94900 94900->94901 94901->94886 94903 3333fe _wcslen 94902->94903 94904 333411 94903->94904 94905 37311d 94903->94905 94907 33a587 22 API calls 94904->94907 94906 34fddb 22 API calls 94905->94906 94908 373127 94906->94908 94909 33341e __fread_nolock 94907->94909 94910 34fe0b 22 API calls 94908->94910 94909->94881 94911 373157 __fread_nolock 94910->94911 94913 3735a4 94912->94913 94914 3338b7 94912->94914 94913->94914 94915 3735ad DestroyIcon 94913->94915 94914->94831 94916 39c874 42 API calls _strftime 94914->94916 94915->94914 94916->94831 94917 33105b 94922 33344d 94917->94922 94919 33106a 94953 3500a3 29 API calls __onexit 94919->94953 94921 331074 94923 33345d __wsopen_s 94922->94923 94924 33a961 22 API calls 94923->94924 94925 333513 94924->94925 94926 333a5a 24 API calls 94925->94926 94927 33351c 94926->94927 94954 333357 94927->94954 94930 3333c6 22 API calls 94931 333535 94930->94931 94932 33515f 22 API calls 94931->94932 94933 333544 94932->94933 94934 33a961 22 API calls 94933->94934 94935 33354d 94934->94935 94936 33a6c3 22 API calls 94935->94936 94937 333556 RegOpenKeyExW 94936->94937 94938 373176 RegQueryValueExW 94937->94938 94942 333578 94937->94942 94939 373193 94938->94939 94940 37320c RegCloseKey 94938->94940 94941 34fe0b 22 API calls 94939->94941 94940->94942 94946 37321e _wcslen 94940->94946 94943 3731ac 94941->94943 94942->94919 94945 335722 22 API calls 94943->94945 94944 334c6d 22 API calls 94944->94946 94947 3731b7 RegQueryValueExW 94945->94947 94946->94942 94946->94944 94951 339cb3 22 API calls 94946->94951 94952 33515f 22 API calls 94946->94952 94948 3731d4 94947->94948 94950 3731ee messages 94947->94950 94949 336b57 22 API calls 94948->94949 94949->94950 94950->94940 94951->94946 94952->94946 94953->94921 94955 371f50 __wsopen_s 94954->94955 94956 333364 GetFullPathNameW 94955->94956 94957 333386 94956->94957 94958 336b57 22 API calls 94957->94958 94959 3333a4 
94958->94959 94959->94930 94960 3c2a55 94968 3a1ebc 94960->94968 94963 3c2a70 94970 3939c0 22 API calls 94963->94970 94964 3c2a87 94966 3c2a7c 94971 39417d 22 API calls __fread_nolock 94966->94971 94969 3a1ec3 IsWindow 94968->94969 94969->94963 94969->94964 94970->94966 94971->94964 94972 331098 94977 3342de 94972->94977 94976 3310a7 94978 33a961 22 API calls 94977->94978 94979 3342f5 GetVersionExW 94978->94979 94980 336b57 22 API calls 94979->94980 94981 334342 94980->94981 94982 3393b2 22 API calls 94981->94982 94994 334378 94981->94994 94983 33436c 94982->94983 94985 3337a0 22 API calls 94983->94985 94984 33441b GetCurrentProcess IsWow64Process 94986 334437 94984->94986 94985->94994 94987 373824 GetSystemInfo 94986->94987 94988 33444f LoadLibraryA 94986->94988 94989 334460 GetProcAddress 94988->94989 94990 33449c GetSystemInfo 94988->94990 94989->94990 94992 334470 GetNativeSystemInfo 94989->94992 94993 334476 94990->94993 94991 3737df 94992->94993 94995 33109d 94993->94995 94996 33447a FreeLibrary 94993->94996 94994->94984 94994->94991 94997 3500a3 29 API calls __onexit 94995->94997 94996->94995 94997->94976 94998 33f7bf 94999 33f7d3 94998->94999 95000 33fcb6 94998->95000 95002 33fcc2 94999->95002 95004 34fddb 22 API calls 94999->95004 95093 33aceb 95000->95093 95003 33aceb 23 API calls 95002->95003 95007 33fd3d 95003->95007 95005 33f7e5 95004->95005 95005->95002 95006 33f83e 95005->95006 95005->95007 95024 33ed9d messages 95006->95024 95033 341310 95006->95033 95103 3a1155 22 API calls 95007->95103 95010 34fddb 22 API calls 95031 33ec76 messages 95010->95031 95011 33fef7 95011->95024 95105 33a8c7 22 API calls __fread_nolock 95011->95105 95014 384b0b 95107 3a359c 82 API calls __wsopen_s 95014->95107 95015 33a8c7 22 API calls 95015->95031 95016 384600 95016->95024 95104 33a8c7 22 API calls __fread_nolock 95016->95104 95022 33fbe3 95022->95024 95025 384bdc 95022->95025 95030 33f3ae messages 95022->95030 95023 33a961 22 API calls 95023->95031 95108 3a359c 82 API 
calls __wsopen_s 95025->95108 95027 3500a3 29 API calls pre_c_initialization 95027->95031 95028 350242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95028->95031 95029 384beb 95109 3a359c 82 API calls __wsopen_s 95029->95109 95030->95024 95106 3a359c 82 API calls __wsopen_s 95030->95106 95031->95010 95031->95011 95031->95014 95031->95015 95031->95016 95031->95022 95031->95023 95031->95024 95031->95027 95031->95028 95031->95029 95031->95030 95032 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95031->95032 95091 3401e0 349 API calls 2 library calls 95031->95091 95092 3406a0 41 API calls messages 95031->95092 95032->95031 95034 341376 95033->95034 95035 3417b0 95033->95035 95037 341390 95034->95037 95038 386331 95034->95038 95192 350242 5 API calls __Init_thread_wait 95035->95192 95110 341940 95037->95110 95196 3b709c 349 API calls 95038->95196 95040 3417ba 95043 3417fb 95040->95043 95046 339cb3 22 API calls 95040->95046 95042 38633d 95042->95031 95048 386346 95043->95048 95050 34182c 95043->95050 95045 341940 9 API calls 95047 3413b6 95045->95047 95054 3417d4 95046->95054 95047->95043 95049 3413ec 95047->95049 95197 3a359c 82 API calls __wsopen_s 95048->95197 95049->95048 95073 341408 __fread_nolock 95049->95073 95051 33aceb 23 API calls 95050->95051 95053 341839 95051->95053 95194 34d217 349 API calls 95053->95194 95193 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95054->95193 95057 38636e 95198 3a359c 82 API calls __wsopen_s 95057->95198 95058 34152f 95060 34153c 95058->95060 95061 3863d1 95058->95061 95063 341940 9 API calls 95060->95063 95200 3b5745 54 API calls _wcslen 95061->95200 95064 341549 95063->95064 95067 3864fa 95064->95067 95069 341940 9 API calls 95064->95069 95065 34fddb 22 API calls 95065->95073 95066 34fe0b 22 API calls 95066->95073 95077 386369 95067->95077 95202 3a359c 82 API calls __wsopen_s 95067->95202 95068 341872 
95195 34faeb 23 API calls 95068->95195 95075 341563 95069->95075 95073->95053 95073->95057 95073->95058 95073->95065 95073->95066 95074 3863b2 95073->95074 95073->95077 95167 33ec40 95073->95167 95199 3a359c 82 API calls __wsopen_s 95074->95199 95075->95067 95080 3415c7 messages 95075->95080 95201 33a8c7 22 API calls __fread_nolock 95075->95201 95077->95031 95079 341940 9 API calls 95079->95080 95080->95067 95080->95068 95080->95077 95080->95079 95083 34167b messages 95080->95083 95120 3babf7 95080->95120 95125 3a5c5a 95080->95125 95130 3c19bc 95080->95130 95133 3c29bf 95080->95133 95137 34f645 95080->95137 95144 3bab67 95080->95144 95147 3ba67c CreateToolhelp32Snapshot Process32FirstW 95080->95147 95081 34171d 95081->95031 95083->95081 95191 34ce17 22 API calls messages 95083->95191 95091->95031 95092->95031 95094 33acf9 95093->95094 95102 33ad2a messages 95093->95102 95095 33ad55 95094->95095 95097 33ad01 messages 95094->95097 95095->95102 95453 33a8c7 22 API calls __fread_nolock 95095->95453 95098 33ad21 95097->95098 95099 37fa48 95097->95099 95097->95102 95101 37fa3a VariantClear 95098->95101 95098->95102 95099->95102 95454 34ce17 22 API calls messages 95099->95454 95101->95102 95102->95002 95103->95024 95104->95024 95105->95024 95106->95024 95107->95024 95108->95029 95109->95024 95111 341981 95110->95111 95112 34195d 95110->95112 95203 350242 5 API calls __Init_thread_wait 95111->95203 95119 3413a0 95112->95119 95205 350242 5 API calls __Init_thread_wait 95112->95205 95114 34198b 95114->95112 95204 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95114->95204 95116 348727 95116->95119 95206 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95116->95206 95119->95045 95207 3baff9 95120->95207 95122 3bac54 95122->95080 95123 3bac0c 95123->95122 95124 33aceb 23 API calls 95123->95124 95124->95122 95126 337510 53 API calls 95125->95126 95127 3a5c6d 95126->95127 95362 39dbbe lstrlenW 95127->95362 95129 3a5c77 95129->95080 95367 
3c2ad8 95130->95367 95132 3c19cb 95132->95080 95134 3c29cb 95133->95134 95135 3c2a01 GetForegroundWindow 95134->95135 95136 3c29d1 95134->95136 95135->95136 95136->95080 95138 33b567 39 API calls 95137->95138 95139 34f659 95138->95139 95140 38f2dc Sleep 95139->95140 95141 34f661 timeGetTime 95139->95141 95142 33b567 39 API calls 95141->95142 95143 34f677 95142->95143 95143->95080 95145 3baff9 217 API calls 95144->95145 95146 3bab79 95145->95146 95146->95080 95155 3ba6c3 95147->95155 95148 33a961 22 API calls 95148->95155 95149 339cb3 22 API calls 95149->95155 95151 336350 22 API calls 95151->95155 95152 337510 53 API calls 95152->95155 95155->95148 95155->95149 95155->95151 95155->95152 95156 3ba796 Process32NextW 95155->95156 95378 33525f 95155->95378 95420 34ce60 41 API calls 95155->95420 95421 3bb574 22 API calls __fread_nolock 95155->95421 95156->95155 95157 3ba7aa CloseHandle 95156->95157 95158 3363eb 22 API calls 95157->95158 95159 3ba7b9 95158->95159 95422 336a50 22 API calls 95159->95422 95161 3ba7cd 95423 3404f0 22 API calls 95161->95423 95163 3404f0 22 API calls 95166 3ba7d9 95163->95166 95164 3ba87d 95164->95080 95166->95163 95166->95164 95424 3362b5 22 API calls 95166->95424 95187 33ec76 messages 95167->95187 95168 350242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95168->95187 95169 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95169->95187 95170 33fef7 95184 33ed9d messages 95170->95184 95448 33a8c7 22 API calls __fread_nolock 95170->95448 95172 34fddb 22 API calls 95172->95187 95174 384b0b 95450 3a359c 82 API calls __wsopen_s 95174->95450 95175 33a8c7 22 API calls 95175->95187 95176 384600 95176->95184 95447 33a8c7 22 API calls __fread_nolock 95176->95447 95182 33fbe3 95182->95184 95185 384bdc 95182->95185 95190 33f3ae messages 95182->95190 95183 33a961 22 API calls 95183->95187 95184->95073 95451 3a359c 82 API calls __wsopen_s 95185->95451 95186 
3500a3 29 API calls pre_c_initialization 95186->95187 95187->95168 95187->95169 95187->95170 95187->95172 95187->95174 95187->95175 95187->95176 95187->95182 95187->95183 95187->95184 95187->95186 95189 384beb 95187->95189 95187->95190 95445 3401e0 349 API calls 2 library calls 95187->95445 95446 3406a0 41 API calls messages 95187->95446 95452 3a359c 82 API calls __wsopen_s 95189->95452 95190->95184 95449 3a359c 82 API calls __wsopen_s 95190->95449 95191->95083 95192->95040 95193->95043 95194->95068 95195->95068 95196->95042 95197->95077 95198->95077 95199->95077 95200->95075 95201->95080 95202->95077 95203->95114 95204->95112 95205->95116 95206->95119 95208 3bb01d ___scrt_fastfail 95207->95208 95209 3bb058 95208->95209 95210 3bb094 95208->95210 95328 33b567 95209->95328 95214 33b567 39 API calls 95210->95214 95215 3bb08b 95210->95215 95212 3bb063 95212->95215 95218 33b567 39 API calls 95212->95218 95213 3bb0ed 95298 337510 95213->95298 95217 3bb0a5 95214->95217 95215->95213 95219 33b567 39 API calls 95215->95219 95221 33b567 39 API calls 95217->95221 95222 3bb078 95218->95222 95219->95213 95221->95215 95224 33b567 39 API calls 95222->95224 95224->95215 95225 3bb115 95226 3bb1d8 95225->95226 95227 3bb11f 95225->95227 95228 3bb20a GetCurrentDirectoryW 95226->95228 95230 337510 53 API calls 95226->95230 95229 337510 53 API calls 95227->95229 95231 34fe0b 22 API calls 95228->95231 95232 3bb130 95229->95232 95233 3bb1ef 95230->95233 95234 3bb22f GetCurrentDirectoryW 95231->95234 95235 337620 22 API calls 95232->95235 95238 337620 22 API calls 95233->95238 95236 3bb23c 95234->95236 95237 3bb13a 95235->95237 95241 3bb275 95236->95241 95333 339c6e 22 API calls 95236->95333 95239 337510 53 API calls 95237->95239 95240 3bb1f9 _wcslen 95238->95240 95242 3bb14b 95239->95242 95240->95228 95240->95241 95249 3bb28b 95241->95249 95250 3bb287 95241->95250 95244 337620 22 API calls 95242->95244 95246 3bb155 95244->95246 95245 3bb255 95334 339c6e 22 API calls 95245->95334 95248 
337510 53 API calls 95246->95248 95252 3bb166 95248->95252 95336 3a07c0 10 API calls 95249->95336 95254 3bb39a CreateProcessW 95250->95254 95255 3bb2f8 95250->95255 95251 3bb265 95335 339c6e 22 API calls 95251->95335 95257 337620 22 API calls 95252->95257 95297 3bb32f _wcslen 95254->95297 95339 3911c8 39 API calls 95255->95339 95260 3bb170 95257->95260 95258 3bb294 95337 3a06e6 10 API calls 95258->95337 95264 3bb1a6 GetSystemDirectoryW 95260->95264 95269 337510 53 API calls 95260->95269 95262 3bb2aa 95338 3a05a7 8 API calls 95262->95338 95263 3bb2fd 95267 3bb32a 95263->95267 95268 3bb323 95263->95268 95266 34fe0b 22 API calls 95264->95266 95271 3bb1cb GetSystemDirectoryW 95266->95271 95341 3914ce 6 API calls 95267->95341 95340 391201 128 API calls 2 library calls 95268->95340 95273 3bb187 95269->95273 95270 3bb2d0 95270->95250 95271->95236 95276 337620 22 API calls 95273->95276 95275 3bb328 95275->95297 95279 3bb191 _wcslen 95276->95279 95277 3bb42f CloseHandle 95280 3bb43f 95277->95280 95290 3bb49a 95277->95290 95278 3bb3d6 GetLastError 95289 3bb41a 95278->95289 95279->95236 95279->95264 95281 3bb451 95280->95281 95282 3bb446 CloseHandle 95280->95282 95284 3bb458 CloseHandle 95281->95284 95285 3bb463 95281->95285 95282->95281 95284->95285 95287 3bb46a CloseHandle 95285->95287 95288 3bb475 95285->95288 95286 3bb4a6 95286->95289 95287->95288 95342 3a09d9 34 API calls 95288->95342 95325 3a0175 95289->95325 95290->95286 95293 3bb4d2 CloseHandle 95290->95293 95293->95289 95295 3bb486 95343 3bb536 25 API calls 95295->95343 95297->95277 95297->95278 95299 337525 95298->95299 95315 337522 95298->95315 95300 33755b 95299->95300 95301 33752d 95299->95301 95304 33756d 95300->95304 95310 3750f6 95300->95310 95312 37500f 95300->95312 95344 3551c6 26 API calls 95301->95344 95345 34fb21 51 API calls 95304->95345 95305 37510e 95305->95305 95308 34fddb 22 API calls 95311 337547 95308->95311 95309 33753d 95309->95308 95347 355183 26 API calls 95310->95347 95313 339cb3 22 API calls 
95311->95313 95314 34fe0b 22 API calls 95312->95314 95320 375088 95312->95320 95313->95315 95316 375058 95314->95316 95321 337620 95315->95321 95317 34fddb 22 API calls 95316->95317 95318 37507f 95317->95318 95319 339cb3 22 API calls 95318->95319 95319->95320 95346 34fb21 51 API calls 95320->95346 95322 33762a _wcslen 95321->95322 95323 34fe0b 22 API calls 95322->95323 95324 33763f 95323->95324 95324->95225 95348 3a030f 95325->95348 95329 33b578 95328->95329 95330 33b57f 95328->95330 95329->95330 95361 3562d1 39 API calls 95329->95361 95330->95212 95332 33b5c2 95332->95212 95333->95245 95334->95251 95335->95241 95336->95258 95337->95262 95338->95270 95339->95263 95340->95275 95341->95297 95342->95295 95343->95290 95344->95309 95345->95309 95346->95310 95347->95305 95349 3a0329 95348->95349 95350 3a0321 CloseHandle 95348->95350 95351 3a032e CloseHandle 95349->95351 95352 3a0336 95349->95352 95350->95349 95351->95352 95353 3a033b CloseHandle 95352->95353 95354 3a0343 95352->95354 95353->95354 95355 3a0348 CloseHandle 95354->95355 95356 3a0350 95354->95356 95355->95356 95357 3a035d 95356->95357 95358 3a0355 CloseHandle 95356->95358 95359 3a017d 95357->95359 95360 3a0362 CloseHandle 95357->95360 95358->95357 95359->95123 95360->95359 95361->95332 95363 39dbdc GetFileAttributesW 95362->95363 95364 39dc06 95362->95364 95363->95364 95365 39dbe8 FindFirstFileW 95363->95365 95364->95129 95365->95364 95366 39dbf9 FindClose 95365->95366 95366->95364 95368 33aceb 23 API calls 95367->95368 95369 3c2af3 95368->95369 95370 3c2b1d 95369->95370 95371 3c2aff 95369->95371 95372 336b57 22 API calls 95370->95372 95373 337510 53 API calls 95371->95373 95375 3c2b1b 95372->95375 95374 3c2b0c 95373->95374 95374->95375 95377 33a8c7 22 API calls __fread_nolock 95374->95377 95375->95132 95377->95375 95379 33a961 22 API calls 95378->95379 95380 335275 95379->95380 95381 33a961 22 API calls 95380->95381 95382 33527d 95381->95382 95383 33a961 22 API calls 95382->95383 95384 335285 95383->95384 
95385 33a961 22 API calls 95384->95385 95386 33528d 95385->95386 95387 373df5 95386->95387 95388 3352c1 95386->95388 95440 33a8c7 22 API calls __fread_nolock 95387->95440 95390 336d25 22 API calls 95388->95390 95392 3352cf 95390->95392 95391 373dfe 95393 33a6c3 22 API calls 95391->95393 95394 3393b2 22 API calls 95392->95394 95396 335304 95393->95396 95395 3352d9 95394->95395 95395->95396 95397 336d25 22 API calls 95395->95397 95398 335349 95396->95398 95399 335325 95396->95399 95415 373e20 95396->95415 95401 3352fa 95397->95401 95425 336d25 95398->95425 95399->95398 95405 334c6d 22 API calls 95399->95405 95403 3393b2 22 API calls 95401->95403 95402 33535a 95404 335370 95402->95404 95438 33a8c7 22 API calls __fread_nolock 95402->95438 95403->95396 95406 335384 95404->95406 95439 33a8c7 22 API calls __fread_nolock 95404->95439 95407 335332 95405->95407 95410 33538f 95406->95410 95442 33a8c7 22 API calls __fread_nolock 95406->95442 95407->95398 95412 336d25 22 API calls 95407->95412 95408 336b57 22 API calls 95417 373ee0 95408->95417 95418 33539a 95410->95418 95443 33a8c7 22 API calls __fread_nolock 95410->95443 95412->95398 95415->95408 95416 334c6d 22 API calls 95416->95417 95417->95398 95417->95416 95441 3349bd 22 API calls __fread_nolock 95417->95441 95418->95155 95420->95155 95421->95155 95422->95161 95423->95166 95424->95166 95426 336d91 95425->95426 95427 336d34 95425->95427 95428 3393b2 22 API calls 95426->95428 95427->95426 95429 336d3f 95427->95429 95430 336d62 __fread_nolock 95428->95430 95431 336d5a 95429->95431 95432 374c9d 95429->95432 95430->95402 95444 336f34 22 API calls 95431->95444 95434 34fddb 22 API calls 95432->95434 95435 374ca7 95434->95435 95436 34fe0b 22 API calls 95435->95436 95437 374cda 95436->95437 95438->95404 95439->95406 95440->95391 95441->95417 95442->95410 95443->95418 95444->95430 95445->95187 95446->95187 95447->95184 95448->95184 95449->95184 95450->95184 95451->95189 95452->95184 95453->95102 95454->95102 95455 383f75 95466 
34ceb1 95455->95466 95457 383f8b 95465 384006 95457->95465 95533 34e300 23 API calls 95457->95533 95459 383fe6 95462 384052 95459->95462 95534 3a1abf 22 API calls 95459->95534 95463 384a88 95462->95463 95535 3a359c 82 API calls __wsopen_s 95462->95535 95475 33bf40 95465->95475 95467 34ced2 95466->95467 95468 34cebf 95466->95468 95470 34cf05 95467->95470 95471 34ced7 95467->95471 95469 33aceb 23 API calls 95468->95469 95474 34cec9 95469->95474 95473 33aceb 23 API calls 95470->95473 95472 34fddb 22 API calls 95471->95472 95472->95474 95473->95474 95474->95457 95536 33adf0 95475->95536 95477 33bf9d 95478 33bfa9 95477->95478 95479 3804b6 95477->95479 95481 3804c6 95478->95481 95482 33c01e 95478->95482 95554 3a359c 82 API calls __wsopen_s 95479->95554 95555 3a359c 82 API calls __wsopen_s 95481->95555 95541 33ac91 95482->95541 95486 33c7da 95489 34fe0b 22 API calls 95486->95489 95495 33c808 __fread_nolock 95489->95495 95491 3804f5 95496 38055a 95491->95496 95556 34d217 349 API calls 95491->95556 95494 33af8a 22 API calls 95530 33c039 __fread_nolock messages 95494->95530 95497 34fe0b 22 API calls 95495->95497 95518 33c603 95496->95518 95557 3a359c 82 API calls __wsopen_s 95496->95557 95531 33c350 __fread_nolock messages 95497->95531 95498 397120 22 API calls 95498->95530 95499 38091a 95566 3a3209 23 API calls 95499->95566 95502 33ec40 349 API calls 95502->95530 95503 3808a5 95504 33ec40 349 API calls 95503->95504 95505 3808cf 95504->95505 95505->95518 95564 33a81b 41 API calls 95505->95564 95507 380591 95558 3a359c 82 API calls __wsopen_s 95507->95558 95511 3808f6 95565 3a359c 82 API calls __wsopen_s 95511->95565 95513 33c237 95515 33c253 95513->95515 95567 33a8c7 22 API calls __fread_nolock 95513->95567 95514 33aceb 23 API calls 95514->95530 95520 380976 95515->95520 95524 33c297 messages 95515->95524 95516 34fe0b 22 API calls 95516->95530 95518->95462 95521 33aceb 23 API calls 95520->95521 95522 3809bf 95521->95522 95522->95518 95568 3a359c 82 API calls __wsopen_s 
95522->95568 95523 34fddb 22 API calls 95523->95530 95524->95522 95525 33aceb 23 API calls 95524->95525 95526 33c335 95525->95526 95526->95522 95527 33c342 95526->95527 95552 33a704 22 API calls messages 95527->95552 95528 33bbe0 40 API calls 95528->95530 95530->95486 95530->95491 95530->95494 95530->95495 95530->95496 95530->95498 95530->95499 95530->95502 95530->95503 95530->95507 95530->95511 95530->95513 95530->95514 95530->95516 95530->95518 95530->95522 95530->95523 95530->95528 95545 33ad81 95530->95545 95559 397099 22 API calls __fread_nolock 95530->95559 95560 3b5745 54 API calls _wcslen 95530->95560 95561 34aa42 22 API calls messages 95530->95561 95562 39f05c 40 API calls 95530->95562 95563 33a993 41 API calls 95530->95563 95532 33c3ac 95531->95532 95553 34ce17 22 API calls messages 95531->95553 95532->95462 95533->95459 95534->95465 95535->95463 95537 33ae01 95536->95537 95540 33ae1c messages 95536->95540 95538 33aec9 22 API calls 95537->95538 95539 33ae09 CharUpperBuffW 95538->95539 95539->95540 95540->95477 95542 33acae 95541->95542 95543 33acd1 95542->95543 95569 3a359c 82 API calls __wsopen_s 95542->95569 95543->95530 95546 33ad92 95545->95546 95547 37fadb 95545->95547 95548 34fddb 22 API calls 95546->95548 95549 33ad99 95548->95549 95570 33adcd 95549->95570 95552->95531 95553->95531 95554->95481 95555->95518 95556->95496 95557->95518 95558->95518 95559->95530 95560->95530 95561->95530 95562->95530 95563->95530 95564->95511 95565->95518 95566->95513 95567->95515 95568->95518 95569->95543 95574 33addd 95570->95574 95571 33adb6 95571->95530 95572 34fddb 22 API calls 95572->95574 95573 33a961 22 API calls 95573->95574 95574->95571 95574->95572 95574->95573 95576 33adcd 22 API calls 95574->95576 95577 33a8c7 22 API calls __fread_nolock 95574->95577 95576->95574 95577->95574 95578 3503fb 95579 350407 ___scrt_is_nonwritable_in_current_image 95578->95579 95607 34feb1 95579->95607 95581 35040e 95582 350561 95581->95582 95585 350438 95581->95585 95634 35083f 
IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95582->95634 95584 350568 95635 354e52 28 API calls _abort 95584->95635 95595 350477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95585->95595 95618 36247d 95585->95618 95587 35056e 95636 354e04 28 API calls _abort 95587->95636 95591 350576 95592 350457 95594 3504d8 95626 350959 95594->95626 95595->95594 95630 354e1a 38 API calls 3 library calls 95595->95630 95598 3504de 95599 3504f3 95598->95599 95631 350992 GetModuleHandleW 95599->95631 95601 3504fa 95601->95584 95602 3504fe 95601->95602 95603 350507 95602->95603 95632 354df5 28 API calls _abort 95602->95632 95633 350040 13 API calls 2 library calls 95603->95633 95606 35050f 95606->95592 95608 34feba 95607->95608 95637 350698 IsProcessorFeaturePresent 95608->95637 95610 34fec6 95638 352c94 10 API calls 3 library calls 95610->95638 95612 34fecb 95613 34fecf 95612->95613 95639 362317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95612->95639 95613->95581 95615 34fed8 95616 34fee6 95615->95616 95640 352cbd 8 API calls 3 library calls 95615->95640 95616->95581 95621 362494 95618->95621 95620 350451 95620->95592 95622 362421 95620->95622 95641 350a8c 95621->95641 95625 362450 95622->95625 95623 350a8c CatchGuardHandler 5 API calls 95624 362479 95623->95624 95624->95595 95625->95623 95649 352340 95626->95649 95629 35097f 95629->95598 95630->95594 95631->95601 95632->95603 95633->95606 95634->95584 95635->95587 95636->95591 95637->95610 95638->95612 95639->95615 95640->95613 95642 350a95 95641->95642 95643 350a97 IsProcessorFeaturePresent 95641->95643 95642->95620 95645 350c5d 95643->95645 95648 350c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95645->95648 95647 350d40 95647->95620 95648->95647 95650 35096c GetStartupInfoW 95649->95650 95650->95629 95651 33dddc 95654 
33b710 95651->95654 95655 33b72b 95654->95655 95656 380146 95655->95656 95658 3800f8 95655->95658 95684 33b750 95655->95684 95696 3b58a2 349 API calls 2 library calls 95656->95696 95660 380102 95658->95660 95663 38010f 95658->95663 95658->95684 95694 3b5d33 349 API calls 95660->95694 95676 33ba20 95663->95676 95695 3b61d0 349 API calls 2 library calls 95663->95695 95665 34d336 40 API calls 95665->95684 95667 3803d9 95667->95667 95671 33ba4e 95672 380322 95699 3b5c0c 82 API calls 95672->95699 95676->95671 95700 3a359c 82 API calls __wsopen_s 95676->95700 95679 33aceb 23 API calls 95679->95684 95680 33bbe0 40 API calls 95680->95684 95681 33ec40 349 API calls 95681->95684 95684->95665 95684->95671 95684->95672 95684->95676 95684->95679 95684->95680 95684->95681 95685 33a81b 41 API calls 95684->95685 95686 34d2f0 40 API calls 95684->95686 95687 34a01b 349 API calls 95684->95687 95688 350242 5 API calls __Init_thread_wait 95684->95688 95689 34edcd 22 API calls 95684->95689 95690 3500a3 29 API calls __onexit 95684->95690 95691 3501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95684->95691 95692 34ee53 82 API calls 95684->95692 95693 34e5ca 349 API calls 95684->95693 95697 38f6bf 23 API calls 95684->95697 95698 33a8c7 22 API calls __fread_nolock 95684->95698 95685->95684 95686->95684 95687->95684 95688->95684 95689->95684 95690->95684 95691->95684 95692->95684 95693->95684 95694->95663 95695->95676 95696->95684 95697->95684 95698->95684 95699->95676 95700->95667 95701 332de3 95702 332df0 __wsopen_s 95701->95702 95703 332e09 95702->95703 95704 372c2b ___scrt_fastfail 95702->95704 95705 333aa2 23 API calls 95703->95705 95706 372c47 GetOpenFileNameW 95704->95706 95707 332e12 95705->95707 95708 372c96 95706->95708 95717 332da5 95707->95717 95710 336b57 22 API calls 95708->95710 95712 372cab 95710->95712 95712->95712 95714 332e27 95735 3344a8 95714->95735 95718 371f50 __wsopen_s 95717->95718 95719 332db2 GetLongPathNameW 95718->95719 95720 336b57 22 API 

                                                          Control-flow Graph

                                                          APIs
                                                          • GetVersionExW.KERNEL32(?), ref: 0033430D
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • GetCurrentProcess.KERNEL32(?,003CCB64,00000000,?,?), ref: 00334422
                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 00334429
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00334454
                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00334466
                                                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00334474
                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 0033447B
                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 003344A0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                          • API String ID: 3290436268-3101561225
                                                          • Opcode ID: 4d0d03470150862beeac6b7e1cf87356d5eab0abcfba59b1b0ab6dd7f884f421
                                                          • Instruction ID: 6330e2413d45885af5e8023fbe68d421b5665a6b92e2d8e15fde8dc79b87d354
                                                          • Opcode Fuzzy Hash: 4d0d03470150862beeac6b7e1cf87356d5eab0abcfba59b1b0ab6dd7f884f421
                                                          • Instruction Fuzzy Hash: 5FA1B87192A2C0DFE727C76A7EC15957FE87B26300F0894B9E885F3A32D2345914DB29

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,003350AA,?,?,00000000,00000000), ref: 003342B2
                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,003350AA,?,?,00000000,00000000), ref: 003342C9
                                                          • LoadResource.KERNEL32(?,00000000,?,?,003350AA,?,?,00000000,00000000,?,?,?,?,?,?,00334F20), ref: 003735BE
                                                          • SizeofResource.KERNEL32(?,00000000,?,?,003350AA,?,?,00000000,00000000,?,?,?,?,?,?,00334F20), ref: 003735D3
                                                          • LockResource.KERNEL32(003350AA,?,?,003350AA,?,?,00000000,00000000,?,?,?,?,?,?,00334F20,?), ref: 003735E6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                          • String ID: SCRIPT
                                                          • API String ID: 3051347437-3967369404
                                                          • Opcode ID: 66416d8bd0581f03bdee432686227283083aff62fb32698c9a84c54625863c25
                                                          • Instruction ID: 3ef04f97af142eeb93259d9b2add555444f35f51f00ca5425217e8decba28034
                                                          • Opcode Fuzzy Hash: 66416d8bd0581f03bdee432686227283083aff62fb32698c9a84c54625863c25
                                                          • Instruction Fuzzy Hash: FF115A70200700AFDB228BA6DC88F677BBDEBC6B51F158969F416D6650DB71EC008B20

                                                          Control-flow Graph

                                                          APIs
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00332B6B
                                                            • Part of subcall function 00333A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00401418,?,00332E7F,?,?,?,00000000), ref: 00333A78
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • GetForegroundWindow.USER32(runas,?,?,?,?,?,003F2224), ref: 00372C10
                                                          • ShellExecuteW.SHELL32(00000000,?,?,003F2224), ref: 00372C17
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                          • String ID: runas
                                                          • API String ID: 448630720-4000483414
                                                          • Opcode ID: 306ce0a178b8bfad8bbdc37a215a00fd35a7f666442059b4ec7009bb8e7bdd6e
                                                          • Instruction ID: a3c28b5b15a01c791280222b21edfa5fd349a1956df03e86cc24d857c66d3143
                                                          • Opcode Fuzzy Hash: 306ce0a178b8bfad8bbdc37a215a00fd35a7f666442059b4ec7009bb8e7bdd6e
                                                          • Instruction Fuzzy Hash: 50118131208345AAC717FF60D8D2ABFB7A89B91351F44942DF1865B0B2CF759A49C712

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 003BA6AC
                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 003BA6BA
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • Process32NextW.KERNEL32(00000000,?), ref: 003BA79C
                                                          • CloseHandle.KERNELBASE(00000000), ref: 003BA7AB
                                                            • Part of subcall function 0034CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00373303,?), ref: 0034CE8A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                          • String ID:
                                                          • API String ID: 1991900642-0
                                                          • Opcode ID: 4a19bb895497c8c94efa02eedbc659cf9f0b48d813d8942999259e5d4366fe6c
                                                          • Instruction ID: 7048ec05c7541bc8f3ef34f6fd1d815a2bcdab33873b74f8d3527209a8f8e499
                                                          • Opcode Fuzzy Hash: 4a19bb895497c8c94efa02eedbc659cf9f0b48d813d8942999259e5d4366fe6c
                                                          • Instruction Fuzzy Hash: 4B514C75508700AFD711EF25C886A6BBBE8FF89754F00891DF589DB261EB70E904CB92

                                                          Control-flow Graph

                                                          APIs
                                                          • lstrlenW.KERNEL32(?,00375222), ref: 0039DBCE
                                                          • GetFileAttributesW.KERNELBASE(?), ref: 0039DBDD
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0039DBEE
                                                          • FindClose.KERNEL32(00000000), ref: 0039DBFA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                          • String ID:
                                                          • API String ID: 2695905019-0
                                                          • Opcode ID: 38ae7f8485859a12ff871625180a61c1c8502668702c6c87eccabd0f816d2e6a
                                                          • Instruction ID: 5b66ef17c9aa3a1d7ebeb23661e918b28b261a40e82eddf5222d95b36d712c03
                                                          • Opcode Fuzzy Hash: 38ae7f8485859a12ff871625180a61c1c8502668702c6c87eccabd0f816d2e6a
                                                          • Instruction Fuzzy Hash: 9BF0A03082091057CA226B78EC0E8AA776C9E01334F144B02F83AC20E0EBB069558A95
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: BuffCharUpper
                                                          • String ID: p#@
                                                          • API String ID: 3964851224-1673889715
                                                          • Opcode ID: 7df3b0a5d1f083910ee5ee8b466a09b25c1ebb359d646e80442321f1cee1547d
                                                          • Instruction ID: 1fafbfc7ce4f8d816448757dc00fd0adf153c54e1969fb25d0886eae310f89fb
                                                          • Opcode Fuzzy Hash: 7df3b0a5d1f083910ee5ee8b466a09b25c1ebb359d646e80442321f1cee1547d
                                                          • Instruction Fuzzy Hash: 54A279706083418FC756DF28C4C0B2ABBE5BF89304F15996DE89A9B352D771EC45CB92

                                                          Control-flow Graph

                                                          APIs
                                                          • _wcslen.LIBCMT ref: 003BB198
                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003BB1B0
                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003BB1D4
                                                          • _wcslen.LIBCMT ref: 003BB200
                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003BB214
                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003BB236
                                                          • _wcslen.LIBCMT ref: 003BB332
                                                            • Part of subcall function 003A05A7: GetStdHandle.KERNEL32(000000F6), ref: 003A05C6
                                                          • _wcslen.LIBCMT ref: 003BB34B
                                                          • _wcslen.LIBCMT ref: 003BB366
                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003BB3B6
                                                          • GetLastError.KERNEL32(00000000), ref: 003BB407
                                                          • CloseHandle.KERNEL32(?), ref: 003BB439
                                                          • CloseHandle.KERNEL32(00000000), ref: 003BB44A
                                                          • CloseHandle.KERNEL32(00000000), ref: 003BB45C
                                                          • CloseHandle.KERNEL32(00000000), ref: 003BB46E
                                                          • CloseHandle.KERNEL32(?), ref: 003BB4E3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                          • String ID:
                                                          • API String ID: 2178637699-0
                                                          • Opcode ID: 53382ce0d75f5a91b2b5dc57d579eb66b6c477acc1203dd67a979565d5dd5ca7
                                                          • Instruction ID: b2f0b13c42bae23d9d8f28f58a0f4f9fce3a4ce17b272bfb8beb92b7916097c5
                                                          • Opcode Fuzzy Hash: 53382ce0d75f5a91b2b5dc57d579eb66b6c477acc1203dd67a979565d5dd5ca7
                                                          • Instruction Fuzzy Hash: 04F1AF315043009FC726EF24C891B6EBBE4AF85318F19895DF9999F2A2CB71EC44CB52
                                                          APIs
                                                          • GetInputState.USER32 ref: 0033D807
                                                          • timeGetTime.WINMM ref: 0033DA07
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0033DB28
                                                          • TranslateMessage.USER32(?), ref: 0033DB7B
                                                          • DispatchMessageW.USER32(?), ref: 0033DB89
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0033DB9F
                                                          • Sleep.KERNELBASE(0000000A), ref: 0033DBB1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                          • String ID:
                                                          • API String ID: 2189390790-0
                                                          • Opcode ID: 1cbe2a362529e76bc0adea908b3730ac15b4e9cb3dcadf0cad3db00eb5bd5294
                                                          • Instruction ID: 79df7216a669ff6a6eb20735f1b3d2cec8a6e5b36a757ccad92f430fbb3ecb02
                                                          • Opcode Fuzzy Hash: 1cbe2a362529e76bc0adea908b3730ac15b4e9cb3dcadf0cad3db00eb5bd5294
                                                          • Instruction Fuzzy Hash: D942D070608341EFD72BDF24D884FAAB7E5BF86304F1585A9F4568B2A1D770E844CB92

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00332D07
                                                          • RegisterClassExW.USER32(00000030), ref: 00332D31
                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00332D42
                                                          • InitCommonControlsEx.COMCTL32(?), ref: 00332D5F
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00332D6F
                                                          • LoadIconW.USER32(000000A9), ref: 00332D85
                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00332D94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                          • API String ID: 2914291525-1005189915
                                                          • Opcode ID: 9b1c91bce20f481df113200419c43a87cae09849ee436dd80feb8d800f655328
                                                          • Instruction ID: abee9cb7ef13f2bde5fce441c5f821bba2b0dc48bf862b4628ddfd8a34d079ad
                                                          • Opcode Fuzzy Hash: 9b1c91bce20f481df113200419c43a87cae09849ee436dd80feb8d800f655328
                                                          • Instruction Fuzzy Hash: EA21A0B5911218AFDB019FA4E949B9DBBB8FB08700F00512AEA15F62A0D7B15544CF95

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 0037039A: CreateFileW.KERNELBASE(00000000,00000000,?,00370704,?,?,00000000,?,00370704,00000000,0000000C), ref: 003703B7
                                                          • GetLastError.KERNEL32 ref: 0037076F
                                                          • __dosmaperr.LIBCMT ref: 00370776
                                                          • GetFileType.KERNELBASE(00000000), ref: 00370782
                                                          • GetLastError.KERNEL32 ref: 0037078C
                                                          • __dosmaperr.LIBCMT ref: 00370795
                                                          • CloseHandle.KERNEL32(00000000), ref: 003707B5
                                                          • CloseHandle.KERNEL32(?), ref: 003708FF
                                                          • GetLastError.KERNEL32 ref: 00370931
                                                          • __dosmaperr.LIBCMT ref: 00370938
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                          • String ID: H
                                                          • API String ID: 4237864984-2852464175
                                                          • Opcode ID: 5fb936d258de9a6b3f5542c0cca5b1fd16188ee310c7dd3c48718334ec422252
                                                          • Instruction ID: 8d460e997890fe5fb00a014edb5e071f0603a0f68850b1f0421615b5a415ce36
                                                          • Opcode Fuzzy Hash: 5fb936d258de9a6b3f5542c0cca5b1fd16188ee310c7dd3c48718334ec422252
                                                          • Instruction Fuzzy Hash: 8DA12836A101448FDF2E9F68D851BAD7BA0EB06320F14815DF859EF2A1CB399812CB91

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00333A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00401418,?,00332E7F,?,?,?,00000000), ref: 00333A78
                                                            • Part of subcall function 00333357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00333379
                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0033356A
                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0037318D
                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003731CE
                                                          • RegCloseKey.ADVAPI32(?), ref: 00373210
                                                          • _wcslen.LIBCMT ref: 00373277
                                                          • _wcslen.LIBCMT ref: 00373286
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                          • API String ID: 98802146-2727554177
                                                          • Opcode ID: db012c8be3417987ff879aa9ec6fc16877dd83cc38351801430c26c799af6cb7
                                                          • Instruction ID: bad5da69b8f479994890d527d9a5898e3148165fe41895205e224268a54c6774
                                                          • Opcode Fuzzy Hash: db012c8be3417987ff879aa9ec6fc16877dd83cc38351801430c26c799af6cb7
                                                          • Instruction Fuzzy Hash: DF7191714043009EC316EF65DE8599BB7E8FF85340F40583EF949EB1A1DBB49A48CB55

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSysColorBrush.USER32(0000000F), ref: 00332B8E
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00332B9D
                                                          • LoadIconW.USER32(00000063), ref: 00332BB3
                                                          • LoadIconW.USER32(000000A4), ref: 00332BC5
                                                          • LoadIconW.USER32(000000A2), ref: 00332BD7
                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00332BEF
                                                          • RegisterClassExW.USER32(?), ref: 00332C40
                                                            • Part of subcall function 00332CD4: GetSysColorBrush.USER32(0000000F), ref: 00332D07
                                                            • Part of subcall function 00332CD4: RegisterClassExW.USER32(00000030), ref: 00332D31
                                                            • Part of subcall function 00332CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00332D42
                                                            • Part of subcall function 00332CD4: InitCommonControlsEx.COMCTL32(?), ref: 00332D5F
                                                            • Part of subcall function 00332CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00332D6F
                                                            • Part of subcall function 00332CD4: LoadIconW.USER32(000000A9), ref: 00332D85
                                                            • Part of subcall function 00332CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00332D94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                          • String ID: #$0$AutoIt v3
                                                          • API String ID: 423443420-4155596026
                                                          • Opcode ID: 8b8d22b40dbfe2a97e003a17c687f075f1123f33b039a7f10c735cf3c5cea658
                                                          • Instruction ID: 05f6c6458baa9414931b0625720bfe8fe44a216d83bb908bfe56fb9465286d96
                                                          • Opcode Fuzzy Hash: 8b8d22b40dbfe2a97e003a17c687f075f1123f33b039a7f10c735cf3c5cea658
                                                          • Instruction Fuzzy Hash: A9213974E10314AFEB119FA5EE85AA97FF8FB08B50F04002AF905B66B0D3B11540CF98
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 0033BB4E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID: p#@$p#@$p#@$p#@$p%@$p%@$x#@$x#@
                                                          • API String ID: 1385522511-2640102361
                                                          • Opcode ID: 16227b19088ccd05e605973e40d34eb39e6341e740269894d7b3b8a92bd04aef
                                                          • Instruction ID: 30e1b6f4eced2aa9129bafaf2233c692c5d58276f8f57802418a457c671f0369
                                                          • Opcode Fuzzy Hash: 16227b19088ccd05e605973e40d34eb39e6341e740269894d7b3b8a92bd04aef
                                                          • Instruction Fuzzy Hash: 6132EF34A00209DFCB26DF64C9C8BBEB7B9EF44310F158099EE15AB291C7B4AD45CB50

                                                          Control-flow Graph

                                                          APIs
                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0033316A,?,?), ref: 003331D8
                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,0033316A,?,?), ref: 00333204
                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00333227
                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0033316A,?,?), ref: 00333232
                                                          • CreatePopupMenu.USER32 ref: 00333246
                                                          • PostQuitMessage.USER32(00000000), ref: 00333267
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                          • String ID: TaskbarCreated
                                                          • API String ID: 129472671-2362178303
                                                          • Opcode ID: 2b1d820ecbc0b495ee746997df2ee1f60f03504b98cfc280673e903667ece961
                                                          • Instruction ID: 084f7b5e9ee499d318918bc307d2bd6096fa448185630a604c94b4f376a00c80
                                                          • Opcode Fuzzy Hash: 2b1d820ecbc0b495ee746997df2ee1f60f03504b98cfc280673e903667ece961
                                                          • Instruction Fuzzy Hash: 04412831A50200ABEB272B78DE8DB7A365DE705340F04C135F91AEA5F1C779DA40D769

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00332C91
                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00332CB2
                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00331CAD,?), ref: 00332CC6
                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00331CAD,?), ref: 00332CCF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$CreateShow
                                                          • String ID: AutoIt v3$edit
                                                          • API String ID: 1584632944-3779509399
                                                          • Opcode ID: d158b2af07d2df6de11881d0006795f118ce40641e90d1b6cb83bbe7a35dd3ea
                                                          • Instruction ID: 98bcb48bdc13650635e317bffa35d1517632f5e214ff3869e6e43d4b0c7a6342
                                                          • Opcode Fuzzy Hash: d158b2af07d2df6de11881d0006795f118ce40641e90d1b6cb83bbe7a35dd3ea
                                                          • Instruction Fuzzy Hash: 95F0B7755503907AEB211717AD08E772EBDD7C6F50F00106EFD04E25B0C6711851DAB8

                                                          Control-flow Graph (figure not reproduced; nodes 1296 to 1306, starting at 333b1c, calling RegOpenKeyExW, RegQueryValueExW and RegCloseKey)
                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00333B0F,SwapMouseButtons,00000004,?), ref: 00333B40
                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00333B0F,SwapMouseButtons,00000004,?), ref: 00333B61
                                                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00333B0F,SwapMouseButtons,00000004,?), ref: 00333B83
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: Control Panel\Mouse
                                                          • API String ID: 3677997916-824357125
                                                          • Opcode ID: 8ed34c774835aafb1aff53b4d04c69dc4a7834f1019c271e98a17a7e72f670c5
                                                          • Instruction ID: 8fb63fa251f6ac1061b473c789ead33196ce2d03a474bbc1b6c138ac7689122d
                                                          • Opcode Fuzzy Hash: 8ed34c774835aafb1aff53b4d04c69dc4a7834f1019c271e98a17a7e72f670c5
                                                          • Instruction Fuzzy Hash: 4B112AB5520218FFDB228FA5DC84EAEB7BCEF04744F118459F805D7110D231EE409760

                                                          Control-flow Graph (figure not reproduced; nodes 1367 to 1393, starting at 333923, calling LoadStringW and Shell_NotifyIconW)
                                                          APIs
                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003733A2
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00333A04
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                          • String ID: Line:
                                                          • API String ID: 2289894680-1585850449
                                                          • Opcode ID: 500a1e4cc409848ceab67644b474cea3634b22328de89462a528c505c54d173c
                                                          • Instruction ID: 52dd867cd5ab1c447a32eb929afdef3039bfb1d343310a5a193a336fe7bd94c3
                                                          • Opcode Fuzzy Hash: 500a1e4cc409848ceab67644b474cea3634b22328de89462a528c505c54d173c
                                                          • Instruction Fuzzy Hash: 8031B471508304AED327EB20DC86FEBB7DCAB40714F10852EF999970A1DB749649C7C6
                                                          APIs
                                                          • GetOpenFileNameW.COMDLG32(?), ref: 00372C8C
                                                            • Part of subcall function 00333AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00333A97,?,?,00332E7F,?,?,?,00000000), ref: 00333AC2
                                                            • Part of subcall function 00332DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00332DC4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Name$Path$FileFullLongOpen
                                                          • String ID: X$`e?
                                                          • API String ID: 779396738-120205953
                                                          • Opcode ID: 902d0b7b29530fec6febb7bf2f560b70efad5d2e127bd0393e02aadc9917be7a
                                                          • Instruction ID: a08647a86cf70b5c7741f38ee9e50be0ad3252a03f670c2b425926968420999b
                                                          • Opcode Fuzzy Hash: 902d0b7b29530fec6febb7bf2f560b70efad5d2e127bd0393e02aadc9917be7a
                                                          • Instruction Fuzzy Hash: 0C21A871A0025C9FDB03EF95C846BEE7BFC9F49304F008059E509BB241DBB855498FA1
                                                          APIs
                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00350668
                                                            • Part of subcall function 003532A4: RaiseException.KERNEL32(?,?,?,0035068A,?,00401444,?,?,?,?,?,?,0035068A,00331129,003F8738,00331129), ref: 00353304
                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00350685
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                          • String ID: Unknown exception
                                                          • API String ID: 3476068407-410509341
                                                          • Opcode ID: bed16886f51b08e6c9d596a9029c6876d09517548b59d96dc91240dd202196e1
                                                          • Instruction ID: 74bf20c3046b6127cf791b60c6b2eefe1438901ffe9a36319f8571908a86aebb
                                                          • Opcode Fuzzy Hash: bed16886f51b08e6c9d596a9029c6876d09517548b59d96dc91240dd202196e1
                                                          • Instruction Fuzzy Hash: 00F0283490020D77CB0BB7A4D846C9D77AC9E00341B604830BD14C94B5EF72EA6DC6C0
                                                          APIs
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00331BF4
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00331BFC
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00331C07
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00331C12
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00331C1A
                                                            • Part of subcall function 00331BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00331C22
                                                            • Part of subcall function 00331B4A: RegisterWindowMessageW.USER32(00000004,?,003312C4), ref: 00331BA2
                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0033136A
                                                          • OleInitialize.OLE32 ref: 00331388
                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 003724AB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                          • String ID:
                                                          • API String ID: 1986988660-0
                                                          • Opcode ID: 1c9ea5762798be36a71bd9bbe15f54bd1257441d650a33224ff9201e77ef3bd1
                                                          • Instruction ID: d5d620b313ddd8b131fc1bb3b8c1ab8039807e4c501568be2ab60fb1a230defb
                                                          • Opcode Fuzzy Hash: 1c9ea5762798be36a71bd9bbe15f54bd1257441d650a33224ff9201e77ef3bd1
                                                          • Instruction Fuzzy Hash: 9371BFB9911300AFC386EF79AE85A553AE4FB88354754863EE44AFB2B1EB344541CF4C
                                                          APIs
                                                            • Part of subcall function 00333923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00333A04
                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0039C259
                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0039C261
                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0039C270
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: IconNotifyShell_Timer$Kill
                                                          • String ID:
                                                          • API String ID: 3500052701-0
                                                          • Opcode ID: 8f66dea6ae66c6966338212ca64ea3477cf8ca2e153ddc00a048cae397617baf
                                                          • Instruction ID: f501f514ba9d15956b2309e14eec5f6c30ae6b5908bff72904b0838d36a26280
                                                          • Opcode Fuzzy Hash: 8f66dea6ae66c6966338212ca64ea3477cf8ca2e153ddc00a048cae397617baf
                                                          • Instruction Fuzzy Hash: 49319370914384AFEF239F748895BE7BBEC9B06308F00549AD5DEA7242C7746A84CB51
                                                          APIs
                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,003685CC,?,003F8CC8,0000000C), ref: 00368704
                                                          • GetLastError.KERNEL32(?,003685CC,?,003F8CC8,0000000C), ref: 0036870E
                                                          • __dosmaperr.LIBCMT ref: 00368739
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                          • String ID:
                                                          • API String ID: 2583163307-0
                                                          • Opcode ID: 61f2ce76636dd31cb1fcf53a544ce68eed9ee0d803907d3f1b08d6e1026cc603
                                                          • Instruction ID: a2b4e3e7df233c8b0465204e4b387440af621f5b20cbdd3e326e6f18be729549
                                                          • Opcode Fuzzy Hash: 61f2ce76636dd31cb1fcf53a544ce68eed9ee0d803907d3f1b08d6e1026cc603
                                                          • Instruction Fuzzy Hash: B4018E3670426016C2336334E845B7E27494B8BB74F3A8329FA48DF1DADEF0CC818250
                                                          APIs
                                                          • TranslateMessage.USER32(?), ref: 0033DB7B
                                                          • DispatchMessageW.USER32(?), ref: 0033DB89
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0033DB9F
                                                          • Sleep.KERNELBASE(0000000A), ref: 0033DBB1
                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00381CC9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                          • String ID:
                                                          • API String ID: 3288985973-0
                                                          • Opcode ID: 4fcb0fa75210ea9e720969d2de37a8a38b45d3aa89a825fd3d861e60101c3c77
                                                          • Instruction ID: 94d8598ffc70b269193b86f96febae4f111113703800d0c376121c59deac4ff4
                                                          • Opcode Fuzzy Hash: 4fcb0fa75210ea9e720969d2de37a8a38b45d3aa89a825fd3d861e60101c3c77
                                                          • Instruction Fuzzy Hash: 6CF05E316443409BEB31DB60DC89FEA73BCEB45310F104929E64AD70D0DB30A4888B15
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 003417F6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID: CALL
                                                          • API String ID: 1385522511-4196123274
                                                          • Opcode ID: b069f9fe0dfcd29a01b789836dc8961b2c9bbfd1b681d3ba203bedbd8dbf4f23
                                                          • Instruction ID: 0c4493dd2c02044e91d7adeffcaff305e385cc106de173f2bb794c109a3ffa45
                                                          • Opcode Fuzzy Hash: b069f9fe0dfcd29a01b789836dc8961b2c9bbfd1b681d3ba203bedbd8dbf4f23
                                                          • Instruction Fuzzy Hash: A12299706087019FC716DF24C485A2ABBF5BF86314F19896DF4968F3A2D771E981CB82
                                                          APIs
                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00333908
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: IconNotifyShell_
                                                          • String ID:
                                                          • API String ID: 1144537725-0
                                                          • Opcode ID: 10dbe7ef84a8d9168d414283614b653f3df40091c74069bac049fac3ae0452cc
                                                          • Instruction ID: 3080656ad5565d2ac70d2338e629ff9f9e998a75302f362eafc4aaa90d3c813a
                                                          • Opcode Fuzzy Hash: 10dbe7ef84a8d9168d414283614b653f3df40091c74069bac049fac3ae0452cc
                                                          • Instruction Fuzzy Hash: 18319170504301DFE722DF24D9C4B97BBE8FB49709F00492EF99997290E771AA48CB92
                                                          APIs
                                                          • timeGetTime.WINMM ref: 0034F661
                                                            • Part of subcall function 0033D730: GetInputState.USER32 ref: 0033D807
                                                          • Sleep.KERNEL32(00000000), ref: 0038F2DE
                                                          Similarity
                                                          • API ID: InputSleepStateTimetime
                                                          • String ID:
                                                          • API String ID: 4149333218-0
                                                          APIs
                                                            • Part of subcall function 00334E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00334EDD,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E9C
                                                            • Part of subcall function 00334E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00334EAE
                                                            • Part of subcall function 00334E90: FreeLibrary.KERNEL32(00000000,?,?,00334EDD,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334EC0
                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334EFD
                                                            • Part of subcall function 00334E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00373CDE,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E62
                                                            • Part of subcall function 00334E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00334E74
                                                            • Part of subcall function 00334E59: FreeLibrary.KERNEL32(00000000,?,?,00373CDE,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E87
                                                          Similarity
                                                          • API ID: Library$Load$AddressFreeProc
                                                          • String ID:
                                                          • API String ID: 2632591731-0
                                                          APIs
                                                          Similarity
                                                          • API ID: __wsopen_s
                                                          • String ID:
                                                          • API String ID: 3347428461-0
                                                          APIs
                                                          • GetForegroundWindow.USER32(00000000,?,?,?,003C14B5,?), ref: 003C2A01
                                                          Similarity
                                                          • API ID: ForegroundWindow
                                                          • String ID:
                                                          • API String ID: 2020703349-0
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000000,?,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6,?,00331129), ref: 00363852
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334F6D
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID:
                                                          • API String ID: 3664257935-0
                                                          APIs
                                                          • IsWindow.USER32(00000000), ref: 003C2A66
                                                          Similarity
                                                          • API ID: Window
                                                          • String ID:
                                                          • API String ID: 2353593579-0
                                                          APIs
                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00332DC4
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          Similarity
                                                          • API ID: LongNamePath_wcslen
                                                          • String ID:
                                                          • API String ID: 541455249-0
                                                          APIs
                                                            • Part of subcall function 00333837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00333908
                                                            • Part of subcall function 0033D730: GetInputState.USER32 ref: 0033D807
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00332B6B
                                                            • Part of subcall function 003330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0033314E
                                                          Similarity
                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                          • String ID:
                                                          • API String ID: 3667716007-0
                                                          APIs
                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00370704,?,?,00000000,?,00370704,00000000,0000000C), ref: 003703B7
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          APIs
                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00331CBC
                                                          Similarity
                                                          • API ID: InfoParametersSystem
                                                          • String ID:
                                                          • API String ID: 3098949447-0
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 003C961A
                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003C965B
                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 003C969F
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003C96C9
                                                          • SendMessageW.USER32 ref: 003C96F2
                                                          • GetKeyState.USER32(00000011), ref: 003C978B
                                                          • GetKeyState.USER32(00000009), ref: 003C9798
                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003C97AE
                                                          • GetKeyState.USER32(00000010), ref: 003C97B8
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003C97E9
                                                          • SendMessageW.USER32 ref: 003C9810
                                                          • SendMessageW.USER32(?,00001030,?,003C7E95), ref: 003C9918
                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 003C992E
                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003C9941
                                                          • SetCapture.USER32(?), ref: 003C994A
                                                          • ClientToScreen.USER32(?,?), ref: 003C99AF
                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003C99BC
                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003C99D6
                                                          • ReleaseCapture.USER32 ref: 003C99E1
                                                          • GetCursorPos.USER32(?), ref: 003C9A19
                                                          • ScreenToClient.USER32(?,?), ref: 003C9A26
                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 003C9A80
                                                          • SendMessageW.USER32 ref: 003C9AAE
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 003C9AEB
                                                          • SendMessageW.USER32 ref: 003C9B1A
                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003C9B3B
                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 003C9B4A
                                                          • GetCursorPos.USER32(?), ref: 003C9B68
                                                          • ScreenToClient.USER32(?,?), ref: 003C9B75
                                                          • GetParent.USER32(?), ref: 003C9B93
                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 003C9BFA
                                                          • SendMessageW.USER32 ref: 003C9C2B
                                                          • ClientToScreen.USER32(?,?), ref: 003C9C84
                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003C9CB4
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 003C9CDE
                                                          • SendMessageW.USER32 ref: 003C9D01
                                                          • ClientToScreen.USER32(?,?), ref: 003C9D4E
                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003C9D82
                                                            • Part of subcall function 00349944: GetWindowLongW.USER32(?,000000EB), ref: 00349952
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C9E05
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                          • String ID: @GUI_DRAGID$F$p#@
                                                          • API String ID: 3429851547-2648032285
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 003C48F3
                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 003C4908
                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 003C4927
                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 003C494B
                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 003C495C
                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 003C497B
                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 003C49AE
                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 003C49D4
                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 003C4A0F
                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003C4A56
                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 003C4A7E
                                                          • IsMenu.USER32(?), ref: 003C4A97
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003C4AF2
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003C4B20
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C4B94
                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 003C4BE3
                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 003C4C82
                                                          • wsprintfW.USER32 ref: 003C4CAE
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003C4CC9
                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 003C4CF1
                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 003C4D13
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003C4D33
                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 003C4D5A
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                          • String ID: %d/%02d/%02d
                                                          • API String ID: 4054740463-328681919
                                                          APIs
                                                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0034F998
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0038F474
                                                          • IsIconic.USER32(00000000), ref: 0038F47D
                                                          • ShowWindow.USER32(00000000,00000009), ref: 0038F48A
                                                          • SetForegroundWindow.USER32(00000000), ref: 0038F494
                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0038F4AA
                                                          • GetCurrentThreadId.KERNEL32 ref: 0038F4B1
                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0038F4BD
                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0038F4CE
                                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0038F4D6
                                                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0038F4DE
                                                          • SetForegroundWindow.USER32(00000000), ref: 0038F4E1
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0038F4F6
                                                          • keybd_event.USER32(00000012,00000000), ref: 0038F501
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0038F50B
                                                          • keybd_event.USER32(00000012,00000000), ref: 0038F510
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0038F519
                                                          • keybd_event.USER32(00000012,00000000), ref: 0038F51E
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0038F528
                                                          • keybd_event.USER32(00000012,00000000), ref: 0038F52D
                                                          • SetForegroundWindow.USER32(00000000), ref: 0038F530
                                                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0038F557
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                          • String ID: Shell_TrayWnd
                                                          • API String ID: 4125248594-2988720461
                                                          APIs
                                                            • Part of subcall function 003916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0039170D
                                                            • Part of subcall function 003916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0039173A
                                                            • Part of subcall function 003916C3: GetLastError.KERNEL32 ref: 0039174A
                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00391286
                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 003912A8
                                                          • CloseHandle.KERNEL32(?), ref: 003912B9
                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 003912D1
                                                          • GetProcessWindowStation.USER32 ref: 003912EA
                                                          • SetProcessWindowStation.USER32(00000000), ref: 003912F4
                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00391310
                                                            • Part of subcall function 003910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003911FC), ref: 003910D4
                                                            • Part of subcall function 003910BF: CloseHandle.KERNEL32(?,?,003911FC), ref: 003910E9
                                                          Strings
                                                          Similarity
                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                          • String ID: $default$winsta0$Z?
                                                          • API String ID: 22674027-1168915105
                                                          APIs
                                                            • Part of subcall function 003910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00391114
                                                            • Part of subcall function 003910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391120
                                                            • Part of subcall function 003910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 0039112F
                                                            • Part of subcall function 003910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391136
                                                            • Part of subcall function 003910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0039114D
                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00390BCC
                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00390C00
                                                          • GetLengthSid.ADVAPI32(?), ref: 00390C17
                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00390C51
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00390C6D
                                                          • GetLengthSid.ADVAPI32(?), ref: 00390C84
                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00390C8C
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00390C93
                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00390CB4
                                                          • CopySid.ADVAPI32(00000000), ref: 00390CBB
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00390CEA
                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00390D0C
                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00390D1E
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390D45
                                                          • HeapFree.KERNEL32(00000000), ref: 00390D4C
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390D55
                                                          • HeapFree.KERNEL32(00000000), ref: 00390D5C
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390D65
                                                          • HeapFree.KERNEL32(00000000), ref: 00390D6C
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00390D78
                                                          • HeapFree.KERNEL32(00000000), ref: 00390D7F
                                                            • Part of subcall function 00391193: GetProcessHeap.KERNEL32(00000008,00390BB1,?,00000000,?,00390BB1,?), ref: 003911A1
                                                            • Part of subcall function 00391193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00390BB1,?), ref: 003911A8
                                                            • Part of subcall function 00391193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00390BB1,?), ref: 003911B7
                                                          Similarity
                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                          • String ID:
                                                          • API String ID: 4175595110-0
                                                          APIs
                                                          • OpenClipboard.USER32(003CCC08), ref: 003AEB29
                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 003AEB37
                                                          • GetClipboardData.USER32(0000000D), ref: 003AEB43
                                                          • CloseClipboard.USER32 ref: 003AEB4F
                                                          • GlobalLock.KERNEL32(00000000), ref: 003AEB87
                                                          • CloseClipboard.USER32 ref: 003AEB91
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 003AEBBC
                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 003AEBC9
                                                          • GetClipboardData.USER32(00000001), ref: 003AEBD1
                                                          • GlobalLock.KERNEL32(00000000), ref: 003AEBE2
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 003AEC22
                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 003AEC38
                                                          • GetClipboardData.USER32(0000000F), ref: 003AEC44
                                                          • GlobalLock.KERNEL32(00000000), ref: 003AEC55
                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 003AEC77
                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003AEC94
                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 003AECD2
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 003AECF3
                                                          • CountClipboardFormats.USER32 ref: 003AED14
                                                          • CloseClipboard.USER32 ref: 003AED59
                                                          Similarity
                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                          • String ID:
                                                          • API String ID: 420908878-0
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 003A69BE
                                                          • FindClose.KERNEL32(00000000), ref: 003A6A12
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003A6A4E
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003A6A75
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 003A6AB2
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 003A6ADF
                                                          Strings
                                                          Similarity
                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                          • API String ID: 3830820486-3289030164
                                                          • Opcode ID: b896ae42863568b97ec5f52bee3efd70a8a84cdaa7b90c64ca3a9cd5510e8fdb
                                                          • Instruction ID: 8a57dee008a88b93b18a58b5d539707f4d384203e835906b37b0f6105918e19f
                                                          • Opcode Fuzzy Hash: b896ae42863568b97ec5f52bee3efd70a8a84cdaa7b90c64ca3a9cd5510e8fdb
                                                          • Instruction Fuzzy Hash: 91D160B2508300AFC715EBA4C986EABB7ECEF89704F04491DF585DB191EB74DA44CB62
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003A9663
                                                          • GetFileAttributesW.KERNEL32(?), ref: 003A96A1
                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 003A96BB
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 003A96D3
                                                          • FindClose.KERNEL32(00000000), ref: 003A96DE
                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 003A96FA
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A974A
                                                          • SetCurrentDirectoryW.KERNEL32(003F6B7C), ref: 003A9768
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 003A9772
                                                          • FindClose.KERNEL32(00000000), ref: 003A977F
                                                          • FindClose.KERNEL32(00000000), ref: 003A978F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                          • String ID: *.*
                                                          • API String ID: 1409584000-438819550
                                                          • Opcode ID: f844ab44184a2a134b4b864076b12cfd988e8aa521e1c09a7fdee7f0efd0fb57
                                                          • Instruction ID: 7b63f622de64c7e50bc6dc2d29264e7d833c5ece09189830cdfc39f2a16236f9
                                                          • Opcode Fuzzy Hash: f844ab44184a2a134b4b864076b12cfd988e8aa521e1c09a7fdee7f0efd0fb57
                                                          • Instruction Fuzzy Hash: 4A31B0325002196ADF16AFB5EC09FEE77ACDF4A321F114596E909E21A0DB35ED448B20
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 003A97BE
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 003A9819
                                                          • FindClose.KERNEL32(00000000), ref: 003A9824
                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 003A9840
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A9890
                                                          • SetCurrentDirectoryW.KERNEL32(003F6B7C), ref: 003A98AE
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 003A98B8
                                                          • FindClose.KERNEL32(00000000), ref: 003A98C5
                                                          • FindClose.KERNEL32(00000000), ref: 003A98D5
                                                            • Part of subcall function 0039DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0039DB00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                          • String ID: *.*
                                                          • API String ID: 2640511053-438819550
                                                          • Opcode ID: 1b904fd3367184ed3df09d9b16ebeaa27d77da3b71674caaeb9b99636db6ba51
                                                          • Instruction ID: cccf64afb31ad269354f530ffca349d700e7cf254e0a6db0ad1df614fd45c08a
                                                          • Opcode Fuzzy Hash: 1b904fd3367184ed3df09d9b16ebeaa27d77da3b71674caaeb9b99636db6ba51
                                                          • Instruction Fuzzy Hash: 0E31B0325002196ADF12EFA4EC49FEE77ACDF07320F118556E914F21A0DB39EE458B20
                                                          APIs
                                                            • Part of subcall function 003BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003BB6AE,?,?), ref: 003BC9B5
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BC9F1
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA68
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003BBF3E
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 003BBFA9
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BBFCD
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003BC02C
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003BC0E7
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003BC154
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003BC1E9
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 003BC23A
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 003BC2E3
                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003BC382
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BC38F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                          • String ID:
                                                          • API String ID: 3102970594-0
                                                          • Opcode ID: 3c2b468fe926783f4604244eb3d970fdc5652de804d823c2a4bc363503478a18
                                                          • Instruction ID: 67235ae0e9018a3db7e6ce1b2e3c0ac79e7f5a50cd365acb21e3259acc30ec00
                                                          • Opcode Fuzzy Hash: 3c2b468fe926783f4604244eb3d970fdc5652de804d823c2a4bc363503478a18
                                                          • Instruction Fuzzy Hash: 95026D716142009FD726CF28C891E6AB7E4AF89318F19849DF94ADF6A2DB31EC41CB51
                                                          APIs
                                                          • GetLocalTime.KERNEL32(?), ref: 003A8257
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 003A8267
                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003A8273
                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003A8310
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A8324
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A8356
                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003A838C
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A8395
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                          • String ID: *.*
                                                          • API String ID: 1464919966-438819550
                                                          • Opcode ID: cdb30c16dcb16c6f1c65dd6f974b67c548fb5a66077f92434091043b3aecda30
                                                          • Instruction ID: 7a1f713e16fdd48fdac93cb5a6bcedcfec8d0a3e69484e1e922ee2bec63d56a8
                                                          • Opcode Fuzzy Hash: cdb30c16dcb16c6f1c65dd6f974b67c548fb5a66077f92434091043b3aecda30
                                                          • Instruction Fuzzy Hash: 10615A765043459FDB11EF60C880AAEB3E8FF8A310F048D1AF989DB251DB35E945CB92
                                                          APIs
                                                            • Part of subcall function 00333AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00333A97,?,?,00332E7F,?,?,?,00000000), ref: 00333AC2
                                                            • Part of subcall function 0039E199: GetFileAttributesW.KERNEL32(?,0039CF95), ref: 0039E19A
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0039D122
                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0039D1DD
                                                          • MoveFileW.KERNEL32(?,?), ref: 0039D1F0
                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0039D20D
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0039D237
                                                            • Part of subcall function 0039D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0039D21C,?,?), ref: 0039D2B2
                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 0039D253
                                                          • FindClose.KERNEL32(00000000), ref: 0039D264
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                          • String ID: \*.*
                                                          • API String ID: 1946585618-1173974218
                                                          • Opcode ID: a72b7b313e5d03cdeb49c638c351b6c1ede21ee7fa5f433b4a56d87b91f07473
                                                          • Instruction ID: fb75530b5c2a28def164653b4b8f5fdc007a45c2f66707c4c21e9511a569e8f8
                                                          • Opcode Fuzzy Hash: a72b7b313e5d03cdeb49c638c351b6c1ede21ee7fa5f433b4a56d87b91f07473
                                                          • Instruction Fuzzy Hash: 4D615F3180510D9FCF07EBE0DA929EDB779AF55300F248565E4467B191EB31AF09CB60
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                          • String ID:
                                                          • API String ID: 1737998785-0
                                                          • Opcode ID: c043fda8aeab1f91e8ef3323119c1ccb09acc07bc037599c5d988d7134054a3f
                                                          • Instruction ID: 2f911999940646a056ec68223d75a779070f3f79345b436ed397cd3acd153cf4
                                                          • Opcode Fuzzy Hash: c043fda8aeab1f91e8ef3323119c1ccb09acc07bc037599c5d988d7134054a3f
                                                          • Instruction Fuzzy Hash: 2341AB35204611AFE722CF15D888F19BBE9EF45329F19D099E8199FA62C735FC42CB90
                                                          APIs
                                                            • Part of subcall function 003916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0039170D
                                                            • Part of subcall function 003916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0039173A
                                                            • Part of subcall function 003916C3: GetLastError.KERNEL32 ref: 0039174A
                                                          • ExitWindowsEx.USER32(?,00000000), ref: 0039E932
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                          • String ID: $ $@$SeShutdownPrivilege
                                                          • API String ID: 2234035333-3163812486
                                                          • Opcode ID: a449b0de9da0fd621dc3e6f9bd7bdbc382fd4834fa73a4ac8b628799e15eeb6f
                                                          • Instruction ID: c2e17d0c84c03e6f0a958fae112cc67095678395240af6d6fb6edc9edea87847
                                                          • Opcode Fuzzy Hash: a449b0de9da0fd621dc3e6f9bd7bdbc382fd4834fa73a4ac8b628799e15eeb6f
                                                          • Instruction Fuzzy Hash: D601F973A20215AFEF56B6B49C86FBF726CA714751F150821FD13F61D1DBA96C408290
                                                          APIs
                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003B1276
                                                          • WSAGetLastError.WSOCK32 ref: 003B1283
                                                          • bind.WSOCK32(00000000,?,00000010), ref: 003B12BA
                                                          • WSAGetLastError.WSOCK32 ref: 003B12C5
                                                          • closesocket.WSOCK32(00000000), ref: 003B12F4
                                                          • listen.WSOCK32(00000000,00000005), ref: 003B1303
                                                          • WSAGetLastError.WSOCK32 ref: 003B130D
                                                          • closesocket.WSOCK32(00000000), ref: 003B133C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                          • String ID:
                                                          • API String ID: 540024437-0
                                                          • Opcode ID: 75768b99e8851c2092ea8121c1505d3f265da7cc80f175cc8a3594443e3c7fd2
                                                          • Instruction ID: 66726eae312b8e71625800625603e258c26f4c849bff496a15be40cf504bd067
                                                          • Opcode Fuzzy Hash: 75768b99e8851c2092ea8121c1505d3f265da7cc80f175cc8a3594443e3c7fd2
                                                          • Instruction Fuzzy Hash: 0941D435A002009FD711DF24C494B6ABBE5BF46318F598488D95A8F6D2C731FD81CBE0
                                                          APIs
                                                            • Part of subcall function 00333AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00333A97,?,?,00332E7F,?,?,?,00000000), ref: 00333AC2
                                                            • Part of subcall function 0039E199: GetFileAttributesW.KERNEL32(?,0039CF95), ref: 0039E19A
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0039D420
                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0039D470
                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0039D481
                                                          • FindClose.KERNEL32(00000000), ref: 0039D498
                                                          • FindClose.KERNEL32(00000000), ref: 0039D4A1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                          • String ID: \*.*
                                                          • API String ID: 2649000838-1173974218
                                                          • Opcode ID: 65ba0c05958b0722b693fef3193c5e8659e3fd360cf5c40391449e565d2303fc
                                                          • Instruction ID: 47fe3c2c6fe5f99d8a10ac63505c0d2bd1de4f84176df40e26c57f1fd1c1ce0d
                                                          • Opcode Fuzzy Hash: 65ba0c05958b0722b693fef3193c5e8659e3fd360cf5c40391449e565d2303fc
                                                          • Instruction Fuzzy Hash: D8315C710183459BC706EF64D8929AFB7A8AE91314F448E1DF4D5971A1EF20AA09CB63
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: __floor_pentium4
                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                          • API String ID: 4168288129-2761157908
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 003A64DC
                                                          • CoInitialize.OLE32(00000000), ref: 003A6639
                                                          • CoCreateInstance.OLE32(003CFCF8,00000000,00000001,003CFB68,?), ref: 003A6650
                                                          • CoUninitialize.OLE32 ref: 003A68D4
                                                          Strings
                                                          Similarity
                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                          • String ID: .lnk
                                                          • API String ID: 886957087-24824748
                                                          APIs
                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 003B22E8
                                                            • Part of subcall function 003AE4EC: GetWindowRect.USER32(?,?), ref: 003AE504
                                                          • GetDesktopWindow.USER32 ref: 003B2312
                                                          • GetWindowRect.USER32(00000000), ref: 003B2319
                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 003B2355
                                                          • GetCursorPos.USER32(?), ref: 003B2381
                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 003B23DF
                                                          Similarity
                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                          • String ID:
                                                          • API String ID: 2387181109-0
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 003A9B78
                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 003A9C8B
                                                            • Part of subcall function 003A3874: GetInputState.USER32 ref: 003A38CB
                                                            • Part of subcall function 003A3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003A3966
                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 003A9BA8
                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 003A9C75
                                                          Strings
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                          • String ID: *.*
                                                          • API String ID: 1972594611-438819550
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00349A4E
                                                          • GetSysColor.USER32(0000000F), ref: 00349B23
                                                          • SetBkColor.GDI32(?,00000000), ref: 00349B36
                                                          Similarity
                                                          • API ID: Color$LongProcWindow
                                                          • String ID:
                                                          • API String ID: 3131106179-0
                                                          APIs
                                                            • Part of subcall function 003B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003B307A
                                                            • Part of subcall function 003B304E: _wcslen.LIBCMT ref: 003B309B
                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 003B185D
                                                          • WSAGetLastError.WSOCK32 ref: 003B1884
                                                          • bind.WSOCK32(00000000,?,00000010), ref: 003B18DB
                                                          • WSAGetLastError.WSOCK32 ref: 003B18E6
                                                          • closesocket.WSOCK32(00000000), ref: 003B1915
                                                          Similarity
                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                          • String ID:
                                                          • API String ID: 1601658205-0
                                                          APIs
                                                          Similarity
                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                          • String ID:
                                                          • API String ID: 292994002-0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                          • API String ID: 0-1546025612
                                                          APIs
                                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 003982AA
                                                          Strings
                                                          Similarity
                                                          • API ID: lstrlen
                                                          • String ID: ($tb?$|
                                                          • API String ID: 1659193697-3876775998
                                                          APIs
                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0039AAAC
                                                          • SetKeyboardState.USER32(00000080), ref: 0039AAC8
                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0039AB36
                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0039AB88
                                                          Similarity
                                                          • API ID: KeyboardState$InputMessagePostSend
                                                          • String ID:
                                                          • API String ID: 432972143-0
                                                          APIs
                                                          • _free.LIBCMT ref: 0036BB7F
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • GetTimeZoneInformation.KERNEL32 ref: 0036BB91
                                                          • WideCharToMultiByte.KERNEL32(00000000,?,0040121C,000000FF,?,0000003F,?,?), ref: 0036BC09
                                                          • WideCharToMultiByte.KERNEL32(00000000,?,00401270,000000FF,?,0000003F,?,?,?,0040121C,000000FF,?,0000003F,?,?), ref: 0036BC36
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                          • String ID:
                                                          • API String ID: 806657224-0
                                                          APIs
                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 003ACE89
                                                          • GetLastError.KERNEL32(?,00000000), ref: 003ACEEA
                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 003ACEFE
                                                          Similarity
                                                          • API ID: ErrorEventFileInternetLastRead
                                                          • String ID:
                                                          • API String ID: 234945975-0
                                                          • Opcode ID: 092eb6751e440012f1e456bd59e503515cd5bd2ca66594799defec3f2b12dc7d
                                                          • Instruction ID: 846471081dff75d0e1203f9e704612a671f28718d053a83691fded423dc8a8bd
                                                          • Opcode Fuzzy Hash: 092eb6751e440012f1e456bd59e503515cd5bd2ca66594799defec3f2b12dc7d
                                                          • Instruction Fuzzy Hash: 5321BDB1510305AFEB22CF65C948FA677FCEB02355F10582EE646D2551EB70EE08CB90
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 003A5CC1
                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 003A5D17
                                                          • FindClose.KERNEL32(?), ref: 003A5D5F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstNext
                                                          • String ID:
                                                          • API String ID: 3541575487-0
                                                          • Opcode ID: c17a7c33d3946bae98fb0972bfe731e476b979491bbca4d007b5ad56fdabaea0
                                                          • Instruction ID: 7f5a5bd4d1c107af27fbc7000110c3facabde792f11016e2fa7ac9e1b407d2ea
                                                          • Opcode Fuzzy Hash: c17a7c33d3946bae98fb0972bfe731e476b979491bbca4d007b5ad56fdabaea0
                                                          • Instruction Fuzzy Hash: D4517674604A019FC716DF28C494E9AB7E4FF4A324F15855DE99A8B3A1CB30E905CF91
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32 ref: 0036271A
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00362724
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00362731
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                          • String ID:
                                                          • API String ID: 3906539128-0
                                                          • Opcode ID: 94862e27eb190f6264ae365915462a1616b0b624d9041701aeeb16129acfa56d
                                                          • Instruction ID: 2ca9a34d2f398b57737d398b075726577ebed4bb580a4a943537b43efcaf787a
                                                          • Opcode Fuzzy Hash: 94862e27eb190f6264ae365915462a1616b0b624d9041701aeeb16129acfa56d
                                                          • Instruction Fuzzy Hash: 5831D67491121C9BCB22DF64DC88BDDB7B8AF08310F5081EAE80CA7261E7349F858F54
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 003A51DA
                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003A5238
                                                          • SetErrorMode.KERNEL32(00000000), ref: 003A52A1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorMode$DiskFreeSpace
                                                          • String ID:
                                                          • API String ID: 1682464887-0
                                                          • Opcode ID: b26487d99dd36895851bc88b150e1fcc3991f02425174918f05972149d0b4fff
                                                          • Instruction ID: 75f928f6152a403f2a0f7bc0adb3b284f1713daeb9fd204a3edb79d4b338f7c0
                                                          • Opcode Fuzzy Hash: b26487d99dd36895851bc88b150e1fcc3991f02425174918f05972149d0b4fff
                                                          • Instruction Fuzzy Hash: 82315A75A10508DFDB01DF54D884EADBBB4FF49314F088499E809AB362CB31E846CB90
                                                          APIs
                                                            • Part of subcall function 0034FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00350668
                                                            • Part of subcall function 0034FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00350685
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0039170D
                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0039173A
                                                          • GetLastError.KERNEL32 ref: 0039174A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                          • String ID:
                                                          • API String ID: 577356006-0
                                                          • Opcode ID: 41cebfae6608598bfba9d0ba5752a5daa6102c6e16a95c97d255584d7dc9fe75
                                                          • Instruction ID: 0deebe9c8d881015b913e5af9d5a556d6a2b5e1de37ef15fb0c3845e0d429959
                                                          • Opcode Fuzzy Hash: 41cebfae6608598bfba9d0ba5752a5daa6102c6e16a95c97d255584d7dc9fe75
                                                          • Instruction Fuzzy Hash: FD11BFB2810205AFE7199F54EC86D6AB7FDEF04714B24852EE05696241EB70FC418B20
                                                          APIs
                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0039D608
                                                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0039D645
                                                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0039D650
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                          • String ID:
                                                          • API String ID: 33631002-0
                                                          • Opcode ID: 984e11ebae04e20158526c3b3d46f0d6daddc902f3e85a6b54d4def1a4d62e1c
                                                          • Instruction ID: 79cfc0ec1a97c7d93ffd90e208e935751d77f3705b3b2d058903051104dd0bd1
                                                          • Opcode Fuzzy Hash: 984e11ebae04e20158526c3b3d46f0d6daddc902f3e85a6b54d4def1a4d62e1c
                                                          • Instruction Fuzzy Hash: A711A175E01228BFDB118F95EC45FAFBFBCEB45B50F108115F908E7290C2705A018BA1
                                                          APIs
                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0039168C
                                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003916A1
                                                          • FreeSid.ADVAPI32(?), ref: 003916B1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                                          • String ID:
                                                          • API String ID: 3429775523-0
                                                          • Opcode ID: 2e41b33a641486af0e3d3d6bcc38b73e1f903bb5e3c5962d8f3835959a37bb92
                                                          • Instruction ID: 4ba5c7f60f2a58d293f6a71a2878d68bf2faafe9ea32e2bf6cb027b93f617523
                                                          • Opcode Fuzzy Hash: 2e41b33a641486af0e3d3d6bcc38b73e1f903bb5e3c5962d8f3835959a37bb92
                                                          • Instruction Fuzzy Hash: D4F0F4B1950309FBDF01DFE49C89EAEBBBCFB08704F504565E901E2181E774EA448B54
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(003628E9,?,00354CBE,003628E9,003F88B8,0000000C,00354E15,003628E9,00000002,00000000,?,003628E9), ref: 00354D09
                                                          • TerminateProcess.KERNEL32(00000000,?,00354CBE,003628E9,003F88B8,0000000C,00354E15,003628E9,00000002,00000000,?,003628E9), ref: 00354D10
                                                          • ExitProcess.KERNEL32 ref: 00354D22
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$CurrentExitTerminate
                                                          • String ID:
                                                          • API String ID: 1703294689-0
                                                          • Opcode ID: e59e2c50860c224cd867c0f92e482a666c24c48e702f37a6363ca17f5db2ee5f
                                                          • Instruction ID: 0765d98dee9a788d01b1a8da1390804827760c0da87ace476efdf78f757a6b39
                                                          • Opcode Fuzzy Hash: e59e2c50860c224cd867c0f92e482a666c24c48e702f37a6363ca17f5db2ee5f
                                                          • Instruction Fuzzy Hash: DFE09231410188ABCB16AF54EE09E583BA9AB41786F159018FC098B133CB3AE986CB90
                                                          APIs
                                                          • GetUserNameW.ADVAPI32(?,?), ref: 0038D28C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: NameUser
                                                          • String ID: X64
                                                          • API String ID: 2645101109-893830106
                                                          • Opcode ID: 86eba263fb376722b1e9f2a3a6828ea27b0ce143c6e5556056b2fbbb0894293b
                                                          • Instruction ID: 363d56b22d780909813bd55e568af4b2faaecc502cdb76d6a3c820b3b231020f
                                                          • Opcode Fuzzy Hash: 86eba263fb376722b1e9f2a3a6828ea27b0ce143c6e5556056b2fbbb0894293b
                                                          • Instruction Fuzzy Hash: 8ED0C9B481112DEACB91DB90EC88DD9B3BCBB04305F100591F106E2440D730A5488F10
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                          • Instruction ID: f76c324b289243f8693f42b04ab4b297a4ecee824b769ca2411fc15330637f63
                                                          • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                          • Instruction Fuzzy Hash: F2022C71E102199FDF15CFA9C880AADFBF1EF48319F259169D819EB390D731AA45CB80
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Variable is not of type 'Object'.$p#@
                                                          • API String ID: 0-655357629
                                                          • Opcode ID: dba7f6d43994692dd0dd5b5320eab95f01391a08ed3bade3cf34bcdb028300ef
                                                          • Instruction ID: de056fd003c6b108c66c28cd131e343256a9a302ac1dea53186fc0103097868c
                                                          • Opcode Fuzzy Hash: dba7f6d43994692dd0dd5b5320eab95f01391a08ed3bade3cf34bcdb028300ef
                                                          • Instruction Fuzzy Hash: 1532AE34910218DBCF1AEF90C9C1AEDB7B9BF05304F1550A9E806BF292D775AE49CB50
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 003A6918
                                                          • FindClose.KERNEL32(00000000), ref: 003A6961
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID:
                                                          • API String ID: 2295610775-0
                                                          • Opcode ID: 4c2ddd1b6423d6a46ac7d4afdd1ed68ea5c801242453ba065ef2a9f94e2d715b
                                                          • Instruction ID: 2e1a02ba322a66087af522935cace89899ae4c91850f513adfc575a51bf61fab
                                                          • Opcode Fuzzy Hash: 4c2ddd1b6423d6a46ac7d4afdd1ed68ea5c801242453ba065ef2a9f94e2d715b
                                                          • Instruction Fuzzy Hash: 7311D0356142009FC711CF29C4C9A16BBE4FF89328F09C69DE4698F6A2CB30EC05CB90
                                                          APIs
                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,003B4891,?,?,00000035,?), ref: 003A37E4
                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,003B4891,?,?,00000035,?), ref: 003A37F4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorFormatLastMessage
                                                          • String ID:
                                                          • API String ID: 3479602957-0
                                                          • Opcode ID: 1cc43e238fce0cbd9975b9465255a25540994e0cccb793747070d5bc6c6bf202
                                                          • Instruction ID: 15bcf667a97e9d6ffcfa69f812351a6d6ddffe552c7bf640785b202ce22031f9
                                                          • Opcode Fuzzy Hash: 1cc43e238fce0cbd9975b9465255a25540994e0cccb793747070d5bc6c6bf202
                                                          • Instruction Fuzzy Hash: 4DF0E5B16053286AEB2257669C4DFEB3AAEEFC5761F000265F509D2281D9A09904C7B0
                                                          APIs
                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0039B25D
                                                          • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0039B270
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          APIs
                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003911FC), ref: 003910D4
                                                          • CloseHandle.KERNEL32(?,?,003911FC), ref: 003910E9
                                                          APIs
                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00366766,?,?,00000008,?,?,0036FEFE,00000000), ref: 00366998
                                                          APIs
                                                          • BlockInput.USER32(00000001), ref: 003AEABD
                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,003503EE), ref: 003509DA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 7e3fb02ebf6dc3b12a4f888f200c6e03437fce0a10f339fec2caa037051c5189
                                                          • Instruction ID: 6194fd11ecca6938c5ef420c80c741148b50d3afcd87d08ef425616cca335706
                                                          • Opcode Fuzzy Hash: 7e3fb02ebf6dc3b12a4f888f200c6e03437fce0a10f339fec2caa037051c5189
                                                          • Instruction Fuzzy Hash:
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0
                                                          • API String ID: 0-4108050209
                                                          • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                          • Instruction ID: f1968dd1a50a5da8f6c701b57a2c3476d648fbefaa0fa1e4bd4f40afd9bb10d0
                                                          • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                          • Instruction Fuzzy Hash: 7F51677160C6455BDB3B8628A85FFFE23999B12343F190509DC82DB6B2C715EE0DD3A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0&@
                                                          • API String ID: 0-1848180278
                                                          • Opcode ID: 5bec0f454ff8e4b06f871400d07f5d20693cbe5e45254eb8c834d25586d0f7ff
                                                          • Instruction ID: 9de7b97fbf7528f52a019c4a515bdacf3607961dc7c54bf4d612678c579202fe
                                                          • Opcode Fuzzy Hash: 5bec0f454ff8e4b06f871400d07f5d20693cbe5e45254eb8c834d25586d0f7ff
                                                          • Instruction Fuzzy Hash: 2521D5322206118BD728CE79C92267F73E5EB54310F158A2EE4A7D73D0DE7AA904DB84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd9af9f2d04dd9838f72a2c4aad2394e77dbc3f51be658f62c830b97f66ecca9
                                                          • Instruction ID: 87b1cebe20a055e0e646aaf7721ccca6b24fc8e1b4257e4b8001c9091c69b1e1
                                                          • Opcode Fuzzy Hash: bd9af9f2d04dd9838f72a2c4aad2394e77dbc3f51be658f62c830b97f66ecca9
                                                          • Instruction Fuzzy Hash: 86323422D2AF414DD7239635DC22336A34DAFB73C9F55D737E82AB59A9EB29C4834100
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e55149ace45c7def1be7fb61e160e67d56db4945c9785c408e81ed85a4a2600d
                                                          • Instruction ID: 87922e76f4e6d2fd5d3c938dc8fa292d67330d1c10064cc05516cf8c9a47f5a5
                                                          • Opcode Fuzzy Hash: e55149ace45c7def1be7fb61e160e67d56db4945c9785c408e81ed85a4a2600d
                                                          • Instruction Fuzzy Hash: 5F322931A203058BCF2BEF28C4D467D77E5EB45300F2AA5A6D959CB691D334ED82DB60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 03389ff84d1222ebc6a35f42efefa5893504ffc6bd537ddd69ff7590af34ed98
                                                          • Instruction ID: b6eb8ae1ee6b93fa5049093fe66cede10633e858352e03797b0a45cd189a05d1
                                                          • Opcode Fuzzy Hash: 03389ff84d1222ebc6a35f42efefa5893504ffc6bd537ddd69ff7590af34ed98
                                                          • Instruction Fuzzy Hash: 3022C5B0A04609DFDF2ACF64C881BAEB7F5FF44300F148529E816AB291E779AD55CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7a4fd40e8a63127b6ad3877b62f65f576db5ec308db355d2aeb8340172d8093
                                                          • Instruction ID: a7d6568ea985bfd08146b545012f90ad704c955f8f8a54da772715e7f8e639ee
                                                          • Opcode Fuzzy Hash: f7a4fd40e8a63127b6ad3877b62f65f576db5ec308db355d2aeb8340172d8093
                                                          • Instruction Fuzzy Hash: 8202C7B1E0010AEFDB16DF54D881AAEB7B5FF48300F118169E81ADF290E735EA50CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6e755e1bde75279a01a78dfce4aa095e5a7ecb037331fe9baefa77a7031bf71
                                                          • Instruction ID: 9808c1e059b5b379ed77f3d7e58ada825264093c3e68d08001b2c9665074dff7
                                                          • Opcode Fuzzy Hash: d6e755e1bde75279a01a78dfce4aa095e5a7ecb037331fe9baefa77a7031bf71
                                                          • Instruction Fuzzy Hash: DCB10324E2AF414DC32396399931336B75CAFBB6D5F91D71BFC2674D22EB228A834141
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          APIs
                                                          • DeleteObject.GDI32(00000000), ref: 003B2B30
                                                          • DeleteObject.GDI32(00000000), ref: 003B2B43
                                                          • DestroyWindow.USER32 ref: 003B2B52
                                                          • GetDesktopWindow.USER32 ref: 003B2B6D
                                                          • GetWindowRect.USER32(00000000), ref: 003B2B74
                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 003B2CA3
                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 003B2CB1
                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2CF8
                                                          • GetClientRect.USER32(00000000,?), ref: 003B2D04
                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003B2D40
                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2D62
                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2D75
                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2D80
                                                          • GlobalLock.KERNEL32(00000000), ref: 003B2D89
                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2D98
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 003B2DA1
                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2DA8
                                                          • GlobalFree.KERNEL32(00000000), ref: 003B2DB3
                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2DC5
                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,003CFC38,00000000), ref: 003B2DDB
                                                          • GlobalFree.KERNEL32(00000000), ref: 003B2DEB
                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 003B2E11
                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 003B2E30
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B2E52
                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003B303F
                                                          Similarity
                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                          • API String ID: 2211948467-2373415609
                                                          APIs
                                                          • SetTextColor.GDI32(?,00000000), ref: 003C712F
                                                          • GetSysColorBrush.USER32(0000000F), ref: 003C7160
                                                          • GetSysColor.USER32(0000000F), ref: 003C716C
                                                          • SetBkColor.GDI32(?,000000FF), ref: 003C7186
                                                          • SelectObject.GDI32(?,?), ref: 003C7195
                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 003C71C0
                                                          • GetSysColor.USER32(00000010), ref: 003C71C8
                                                          • CreateSolidBrush.GDI32(00000000), ref: 003C71CF
                                                          • FrameRect.USER32(?,?,00000000), ref: 003C71DE
                                                          • DeleteObject.GDI32(00000000), ref: 003C71E5
                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 003C7230
                                                          • FillRect.USER32(?,?,?), ref: 003C7262
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C7284
                                                            • Part of subcall function 003C73E8: GetSysColor.USER32(00000012), ref: 003C7421
                                                            • Part of subcall function 003C73E8: SetTextColor.GDI32(?,?), ref: 003C7425
                                                            • Part of subcall function 003C73E8: GetSysColorBrush.USER32(0000000F), ref: 003C743B
                                                            • Part of subcall function 003C73E8: GetSysColor.USER32(0000000F), ref: 003C7446
                                                            • Part of subcall function 003C73E8: GetSysColor.USER32(00000011), ref: 003C7463
                                                            • Part of subcall function 003C73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003C7471
                                                            • Part of subcall function 003C73E8: SelectObject.GDI32(?,00000000), ref: 003C7482
                                                            • Part of subcall function 003C73E8: SetBkColor.GDI32(?,00000000), ref: 003C748B
                                                            • Part of subcall function 003C73E8: SelectObject.GDI32(?,?), ref: 003C7498
                                                            • Part of subcall function 003C73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 003C74B7
                                                            • Part of subcall function 003C73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003C74CE
                                                            • Part of subcall function 003C73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 003C74DB
                                                          Similarity
                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                          • String ID:
                                                          • API String ID: 4124339563-0
                                                          APIs
                                                          • DestroyWindow.USER32(?,?), ref: 00348E14
                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00386AC5
                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00386AFE
                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00386F43
                                                            • Part of subcall function 00348F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00348BE8,?,00000000,?,?,?,?,00348BBA,00000000,?), ref: 00348FC5
                                                          • SendMessageW.USER32(?,00001053), ref: 00386F7F
                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00386F96
                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00386FAC
                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00386FB7
                                                          Similarity
                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                          • String ID: 0
                                                          • API String ID: 2760611726-4108050209
                                                          APIs
                                                          • DestroyWindow.USER32(00000000), ref: 003B273E
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 003B286A
                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 003B28A9
                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 003B28B9
                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 003B2900
                                                          • GetClientRect.USER32(00000000,?), ref: 003B290C
                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 003B2955
                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003B2964
                                                          • GetStockObject.GDI32(00000011), ref: 003B2974
                                                          • SelectObject.GDI32(00000000,00000000), ref: 003B2978
                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 003B2988
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003B2991
                                                          • DeleteDC.GDI32(00000000), ref: 003B299A
                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 003B29C6
                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 003B29DD
                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 003B2A1D
                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003B2A31
                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 003B2A42
                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 003B2A77
                                                          • GetStockObject.GDI32(00000011), ref: 003B2A82
                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003B2A8D
                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 003B2A97
                                                          Similarity
                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                          • API String ID: 2910397461-517079104
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 003A4AED
                                                          • GetDriveTypeW.KERNEL32(?,003CCB68,?,\\.\,003CCC08), ref: 003A4BCA
                                                          • SetErrorMode.KERNEL32(00000000,003CCB68,?,\\.\,003CCC08), ref: 003A4D36
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorMode$DriveType
                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                          • API String ID: 2907320926-4222207086
                                                          APIs
                                                          • GetSysColor.USER32(00000012), ref: 003C7421
                                                          • SetTextColor.GDI32(?,?), ref: 003C7425
                                                          • GetSysColorBrush.USER32(0000000F), ref: 003C743B
                                                          • GetSysColor.USER32(0000000F), ref: 003C7446
                                                          • CreateSolidBrush.GDI32(?), ref: 003C744B
                                                          • GetSysColor.USER32(00000011), ref: 003C7463
                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 003C7471
                                                          • SelectObject.GDI32(?,00000000), ref: 003C7482
                                                          • SetBkColor.GDI32(?,00000000), ref: 003C748B
                                                          • SelectObject.GDI32(?,?), ref: 003C7498
                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 003C74B7
                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003C74CE
                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 003C74DB
                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003C752A
                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 003C7554
                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 003C7572
                                                          • DrawFocusRect.USER32(?,?), ref: 003C757D
                                                          • GetSysColor.USER32(00000011), ref: 003C758E
                                                          • SetTextColor.GDI32(?,00000000), ref: 003C7596
                                                          • DrawTextW.USER32(?,003C70F5,000000FF,?,00000000), ref: 003C75A8
                                                          • SelectObject.GDI32(?,?), ref: 003C75BF
                                                          • DeleteObject.GDI32(?), ref: 003C75CA
                                                          • SelectObject.GDI32(?,?), ref: 003C75D0
                                                          • DeleteObject.GDI32(?), ref: 003C75D5
                                                          • SetTextColor.GDI32(?,?), ref: 003C75DB
                                                          • SetBkColor.GDI32(?,?), ref: 003C75E5
                                                          Similarity
                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                          • String ID:
                                                          • API String ID: 1996641542-0
                                                          APIs
                                                          • GetCursorPos.USER32(?), ref: 003C1128
                                                          • GetDesktopWindow.USER32 ref: 003C113D
                                                          • GetWindowRect.USER32(00000000), ref: 003C1144
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C1199
                                                          • DestroyWindow.USER32(?), ref: 003C11B9
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 003C11ED
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003C120B
                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003C121D
                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 003C1232
                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 003C1245
                                                          • IsWindowVisible.USER32(00000000), ref: 003C12A1
                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 003C12BC
                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 003C12D0
                                                          • GetWindowRect.USER32(00000000,?), ref: 003C12E8
                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 003C130E
                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 003C1328
                                                          • CopyRect.USER32(?,?), ref: 003C133F
                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 003C13AA
                                                          Similarity
                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                          • String ID: ($0$tooltips_class32
                                                          • API String ID: 698492251-4156429822
                                                          APIs
                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00348968
                                                          • GetSystemMetrics.USER32(00000007), ref: 00348970
                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0034899B
                                                          • GetSystemMetrics.USER32(00000008), ref: 003489A3
                                                          • GetSystemMetrics.USER32(00000004), ref: 003489C8
                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 003489E5
                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 003489F5
                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00348A28
                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00348A3C
                                                          • GetClientRect.USER32(00000000,000000FF), ref: 00348A5A
                                                          • GetStockObject.GDI32(00000011), ref: 00348A76
                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00348A81
                                                            • Part of subcall function 0034912D: GetCursorPos.USER32(?), ref: 00349141
                                                            • Part of subcall function 0034912D: ScreenToClient.USER32(00000000,?), ref: 0034915E
                                                            • Part of subcall function 0034912D: GetAsyncKeyState.USER32(00000001), ref: 00349183
                                                            • Part of subcall function 0034912D: GetAsyncKeyState.USER32(00000002), ref: 0034919D
                                                          • SetTimer.USER32(00000000,00000000,00000028,003490FC), ref: 00348AA8
                                                          Similarity
                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                          • String ID: AutoIt v3 GUI
                                                          • API String ID: 1458621304-248962490
                                                          APIs
                                                            • Part of subcall function 003910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00391114
                                                            • Part of subcall function 003910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391120
                                                            • Part of subcall function 003910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 0039112F
                                                            • Part of subcall function 003910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391136
                                                            • Part of subcall function 003910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0039114D
                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00390DF5
                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00390E29
                                                          • GetLengthSid.ADVAPI32(?), ref: 00390E40
                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00390E7A
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00390E96
                                                          • GetLengthSid.ADVAPI32(?), ref: 00390EAD
                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00390EB5
                                                          • HeapAlloc.KERNEL32(00000000), ref: 00390EBC
                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00390EDD
                                                          • CopySid.ADVAPI32(00000000), ref: 00390EE4
                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00390F13
                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00390F35
                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00390F47
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390F6E
                                                          • HeapFree.KERNEL32(00000000), ref: 00390F75
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390F7E
                                                          • HeapFree.KERNEL32(00000000), ref: 00390F85
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00390F8E
                                                          • HeapFree.KERNEL32(00000000), ref: 00390F95
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00390FA1
                                                          • HeapFree.KERNEL32(00000000), ref: 00390FA8
                                                            • Part of subcall function 00391193: GetProcessHeap.KERNEL32(00000008,00390BB1,?,00000000,?,00390BB1,?), ref: 003911A1
                                                            • Part of subcall function 00391193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00390BB1,?), ref: 003911A8
                                                            • Part of subcall function 00391193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00390BB1,?), ref: 003911B7
                                                          Similarity
                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                          • String ID:
                                                          • API String ID: 4175595110-0
                                                          APIs
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003BC4BD
                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,003CCC08,00000000,?,00000000,?,?), ref: 003BC544
                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 003BC5A4
                                                          • _wcslen.LIBCMT ref: 003BC5F4
                                                          • _wcslen.LIBCMT ref: 003BC66F
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 003BC6B2
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 003BC7C1
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 003BC84D
                                                          • RegCloseKey.ADVAPI32(?), ref: 003BC881
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BC88E
                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 003BC960
                                                          Similarity
                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                          • API String ID: 9721498-966354055
                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?), ref: 003C09C6
                                                          • _wcslen.LIBCMT ref: 003C0A01
                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003C0A54
                                                          • _wcslen.LIBCMT ref: 003C0A8A
                                                          • _wcslen.LIBCMT ref: 003C0B06
                                                          • _wcslen.LIBCMT ref: 003C0B81
                                                            • Part of subcall function 0034F9F2: _wcslen.LIBCMT ref: 0034F9FD
                                                            • Part of subcall function 00392BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00392BFA
                                                          Similarity
                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                          • API String ID: 1103490817-4258414348
                                                          APIs
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                          • API String ID: 1256254125-909552448
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 003C835A
                                                          • _wcslen.LIBCMT ref: 003C836E
                                                          • _wcslen.LIBCMT ref: 003C8391
                                                          • _wcslen.LIBCMT ref: 003C83B4
                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 003C83F2
                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,003C361A,?), ref: 003C844E
                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003C8487
                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 003C84CA
                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 003C8501
                                                          • FreeLibrary.KERNEL32(?), ref: 003C850D
                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003C851D
                                                          • DestroyIcon.USER32(?), ref: 003C852C
                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 003C8549
                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 003C8555
                                                          Strings
                                                          Similarity
                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                          • String ID: .dll$.exe$.icl
                                                          • API String ID: 799131459-1154884017
                                                          • Opcode ID: 1186b7de7a8355f07e742aa3b1bdd89cc28f8d98754c2b4d16bfe0ce78a4ca9d
                                                          • Instruction ID: dbf1df8364cc47aaf3a4433a38a89b3db209f552023ece8fd9f1ca7503793675
                                                          • Opcode Fuzzy Hash: 1186b7de7a8355f07e742aa3b1bdd89cc28f8d98754c2b4d16bfe0ce78a4ca9d
                                                          • Instruction Fuzzy Hash: E661DF71500219BAEB1ADF65CC81FBE77ACBB05B11F10460AF915DA0D1DBB4AE90CBA0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                          • API String ID: 0-1645009161
                                                          • Opcode ID: 49e3543c283c11106ccf37580512d4096b3929d07f55d17d52b366483e40025b
                                                          • Instruction ID: 33e84e0f95355229927dca2fb428bd8f31c398fae41fb9122931e4e88fdf4af3
                                                          • Opcode Fuzzy Hash: 49e3543c283c11106ccf37580512d4096b3929d07f55d17d52b366483e40025b
                                                          • Instruction Fuzzy Hash: FA81E5B1A04605BBDB37AF60CC83FBE77A8AF15301F058025F909AE192EBB5D945C791
                                                          APIs
                                                          • CharLowerBuffW.USER32(?,?), ref: 003A3EF8
                                                          • _wcslen.LIBCMT ref: 003A3F03
                                                          • _wcslen.LIBCMT ref: 003A3F5A
                                                          • _wcslen.LIBCMT ref: 003A3F98
                                                          • GetDriveTypeW.KERNEL32(?), ref: 003A3FD6
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003A401E
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003A4059
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003A4087
                                                          Strings
                                                          Similarity
                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                          • API String ID: 1839972693-4113822522
                                                          • Opcode ID: 01c2645e361f64a93713bdebed6b60b8e279a38c6d9476cd7630e3ade0fab1b7
                                                          • Instruction ID: 4fb2c93ee8c15bb90003d7e1e81ee0f61d608080ff44e92048c1ed62f91a23a3
                                                          • Opcode Fuzzy Hash: 01c2645e361f64a93713bdebed6b60b8e279a38c6d9476cd7630e3ade0fab1b7
                                                          • Instruction Fuzzy Hash: BD71F2326042019FC712EF24C88287AF7F4EF95758F11892DF9969B261EB30ED45CB91
                                                          APIs
                                                          • LoadIconW.USER32(00000063), ref: 00395A2E
                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00395A40
                                                          • SetWindowTextW.USER32(?,?), ref: 00395A57
                                                          • GetDlgItem.USER32(?,000003EA), ref: 00395A6C
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00395A72
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00395A82
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00395A88
                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00395AA9
                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00395AC3
                                                          • GetWindowRect.USER32(?,?), ref: 00395ACC
                                                          • _wcslen.LIBCMT ref: 00395B33
                                                          • SetWindowTextW.USER32(?,?), ref: 00395B6F
                                                          • GetDesktopWindow.USER32 ref: 00395B75
                                                          • GetWindowRect.USER32(00000000), ref: 00395B7C
                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00395BD3
                                                          • GetClientRect.USER32(?,?), ref: 00395BE0
                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00395C05
                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00395C2F
                                                          Similarity
                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                          • String ID:
                                                          • API String ID: 895679908-0
                                                          • Opcode ID: f89c70822905873ccd8d2efd8f26344a064b5b7b044f32abbe24a23b6e0bc86e
                                                          • Instruction ID: 9d155fa364839b97715f5940dc23709533ce2c72d559c11c906c59d1bfcf24d3
                                                          • Opcode Fuzzy Hash: f89c70822905873ccd8d2efd8f26344a064b5b7b044f32abbe24a23b6e0bc86e
                                                          • Instruction Fuzzy Hash: E7716C31900B09AFDF22DFA8CE85E6EBBF9FF48704F104518E586A65A0D775A990CB50
                                                          APIs
                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 003AFE27
                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 003AFE32
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 003AFE3D
                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 003AFE48
                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 003AFE53
                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 003AFE5E
                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 003AFE69
                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 003AFE74
                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 003AFE7F
                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 003AFE8A
                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 003AFE95
                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 003AFEA0
                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 003AFEAB
                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 003AFEB6
                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 003AFEC1
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 003AFECC
                                                          • GetCursorInfo.USER32(?), ref: 003AFEDC
                                                          • GetLastError.KERNEL32 ref: 003AFF1E
                                                          Similarity
                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                          • String ID:
                                                          • API String ID: 3215588206-0
                                                          • Opcode ID: 2bf1dd637cab2a6d78a8e165e59b7e0a6da9458d56f0257376337003b0b46c13
                                                          • Instruction ID: 88d943cae7987bd3399086b888cfb7ea90da31aa311ec816d08c01ec162e0bc9
                                                          • Opcode Fuzzy Hash: 2bf1dd637cab2a6d78a8e165e59b7e0a6da9458d56f0257376337003b0b46c13
                                                          • Instruction Fuzzy Hash: A84161B0D083196EDB119FBA8C89C5EBFE8FF05754B54452AE11DEB281DB78A901CF90
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[?
                                                          • API String ID: 176396367-1448639043
                                                          • Opcode ID: 177f9012f259230eaef32e03a4e049040d473e58597badfbf6ba2b8fdd91261e
                                                          • Instruction ID: a555c3974ee41f83575249f658547f4227308302b012e0a1f58f26fc0f89f15f
                                                          • Opcode Fuzzy Hash: 177f9012f259230eaef32e03a4e049040d473e58597badfbf6ba2b8fdd91261e
                                                          • Instruction Fuzzy Hash: 25E1E572A00516ABCF1B9FA8C481BFEFBB4BF44710F568119E556FB250DB30AE858790
                                                          APIs
                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 003500C6
                                                            • Part of subcall function 003500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0040070C,00000FA0,74D28C04,?,?,?,?,003723B3,000000FF), ref: 0035011C
                                                            • Part of subcall function 003500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,003723B3,000000FF), ref: 00350127
                                                            • Part of subcall function 003500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,003723B3,000000FF), ref: 00350138
                                                            • Part of subcall function 003500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0035014E
                                                            • Part of subcall function 003500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0035015C
                                                            • Part of subcall function 003500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0035016A
                                                            • Part of subcall function 003500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00350195
                                                            • Part of subcall function 003500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 003501A0
                                                          • ___scrt_fastfail.LIBCMT ref: 003500E7
                                                            • Part of subcall function 003500A3: __onexit.LIBCMT ref: 003500A9
                                                          Strings
                                                          • kernel32.dll, xrefs: 00350133
                                                          • InitializeConditionVariable, xrefs: 00350148
                                                          • WakeAllConditionVariable, xrefs: 00350162
                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00350122
                                                          • SleepConditionVariableCS, xrefs: 00350154
                                                          Similarity
                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                          • API String ID: 66158676-1714406822
                                                          • Opcode ID: d2bdadc748447ed92e835bba67dba1c6cb7131944385cbb1b335c974ab02eb2e
                                                          • Instruction ID: f7d25b1379f92bbe78ead8d11d2a6f82e8f3e6be4527bf8ad27d93b8e7e19d91
                                                          • Opcode Fuzzy Hash: d2bdadc748447ed92e835bba67dba1c6cb7131944385cbb1b335c974ab02eb2e
                                                          • Instruction Fuzzy Hash: C62129366407006FE7176B64AC0AF6A73D8DB04B52F05013AFC05E72E1DF75AC048B95
                                                          APIs
                                                          • CharLowerBuffW.USER32(00000000,00000000,003CCC08), ref: 003A4527
                                                          • _wcslen.LIBCMT ref: 003A453B
                                                          • _wcslen.LIBCMT ref: 003A4599
                                                          • _wcslen.LIBCMT ref: 003A45F4
                                                          • _wcslen.LIBCMT ref: 003A463F
                                                          • _wcslen.LIBCMT ref: 003A46A7
                                                            • Part of subcall function 0034F9F2: _wcslen.LIBCMT ref: 0034F9FD
                                                          • GetDriveTypeW.KERNEL32(?,003F6BF0,00000061), ref: 003A4743
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                          • API String ID: 2055661098-1000479233
                                                          • Opcode ID: 8c7c612ad472570d836c1a929963307f481245e4fe2cdb9d5da436be480df8e7
                                                          • Instruction ID: d20f191a2182f97e402e432ce5054bc56b0a8e9140cd04428b6d3984406a1b0a
                                                          • Opcode Fuzzy Hash: 8c7c612ad472570d836c1a929963307f481245e4fe2cdb9d5da436be480df8e7
                                                          • Instruction Fuzzy Hash: 61B1EF316083029FC716DF28C891A6AB7E5EFE7720F51491DF496CB2A1E7B1D844CB92
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • DragQueryPoint.SHELL32(?,?), ref: 003C9147
                                                            • Part of subcall function 003C7674: ClientToScreen.USER32(?,?), ref: 003C769A
                                                            • Part of subcall function 003C7674: GetWindowRect.USER32(?,?), ref: 003C7710
                                                            • Part of subcall function 003C7674: PtInRect.USER32(?,?,003C8B89), ref: 003C7720
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 003C91B0
                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003C91BB
                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003C91DE
                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 003C9225
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 003C923E
                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 003C9255
                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 003C9277
                                                          • DragFinish.SHELL32(?), ref: 003C927E
                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003C9371
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#@
                                                          • API String ID: 221274066-110456269
                                                          APIs
                                                          • GetMenuItemCount.USER32(00401990), ref: 00372F8D
                                                          • GetMenuItemCount.USER32(00401990), ref: 0037303D
                                                          • GetCursorPos.USER32(?), ref: 00373081
                                                          • SetForegroundWindow.USER32(00000000), ref: 0037308A
                                                          • TrackPopupMenuEx.USER32(00401990,00000000,?,00000000,00000000,00000000), ref: 0037309D
                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003730A9
                                                          Similarity
                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                          • String ID: 0
                                                          • API String ID: 36266755-4108050209
                                                          APIs
                                                          • DestroyWindow.USER32(00000000,?), ref: 003C6DEB
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 003C6E5F
                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003C6E81
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003C6E94
                                                          • DestroyWindow.USER32(?), ref: 003C6EB5
                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00330000,00000000), ref: 003C6EE4
                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003C6EFD
                                                          • GetDesktopWindow.USER32 ref: 003C6F16
                                                          • GetWindowRect.USER32(00000000), ref: 003C6F1D
                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003C6F35
                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003C6F4D
                                                            • Part of subcall function 00349944: GetWindowLongW.USER32(?,000000EB), ref: 00349952
                                                          Similarity
                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                          • String ID: 0$tooltips_class32
                                                          • API String ID: 2429346358-3619404913
                                                          APIs
                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003AC4B0
                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003AC4C3
                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003AC4D7
                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 003AC4F0
                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 003AC533
                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 003AC549
                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003AC554
                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003AC584
                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 003AC5DC
                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 003AC5F0
                                                          • InternetCloseHandle.WININET(00000000), ref: 003AC5FB
                                                          Similarity
                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                          • String ID:
                                                          • API String ID: 3800310941-3916222277
                                                          APIs
                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 003C8592
                                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 003C85A2
                                                          • GlobalAlloc.KERNEL32(00000002,00000000), ref: 003C85AD
                                                          • CloseHandle.KERNEL32(00000000), ref: 003C85BA
                                                          • GlobalLock.KERNEL32(00000000), ref: 003C85C8
                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003C85D7
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 003C85E0
                                                          • CloseHandle.KERNEL32(00000000), ref: 003C85E7
                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 003C85F8
                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,003CFC38,?), ref: 003C8611
                                                          • GlobalFree.KERNEL32(00000000), ref: 003C8621
                                                          • GetObjectW.GDI32(?,00000018,000000FF), ref: 003C8641
                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 003C8671
                                                          • DeleteObject.GDI32(00000000), ref: 003C8699
                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 003C86AF
                                                          Similarity
                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                          • String ID:
                                                          • API String ID: 3840717409-0
                                                          APIs
                                                          • VariantInit.OLEAUT32(00000000), ref: 003A1502
                                                          • VariantCopy.OLEAUT32(?,?), ref: 003A150B
                                                          • VariantClear.OLEAUT32(?), ref: 003A1517
                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 003A15FB
                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 003A1657
                                                          • VariantInit.OLEAUT32(?), ref: 003A1708
                                                          • SysFreeString.OLEAUT32(?), ref: 003A178C
                                                          • VariantClear.OLEAUT32(?), ref: 003A17D8
                                                          • VariantClear.OLEAUT32(?), ref: 003A17E7
                                                          • VariantInit.OLEAUT32(00000000), ref: 003A1823
                                                          Similarity
                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                          • API String ID: 1234038744-3931177956
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 003BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003BB6AE,?,?), ref: 003BC9B5
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BC9F1
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA68
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003BB6F4
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003BB772
                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 003BB80A
                                                          • RegCloseKey.ADVAPI32(?), ref: 003BB87E
                                                          • RegCloseKey.ADVAPI32(?), ref: 003BB89C
                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 003BB8F2
                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003BB904
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 003BB922
                                                          • FreeLibrary.KERNEL32(00000000), ref: 003BB983
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BB994
                                                          Similarity
                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                          • API String ID: 146587525-4033151799
                                                          APIs
                                                          • GetDC.USER32(00000000), ref: 003B25D8
                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 003B25E8
                                                          • CreateCompatibleDC.GDI32(?), ref: 003B25F4
                                                          • SelectObject.GDI32(00000000,?), ref: 003B2601
                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 003B266D
                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 003B26AC
                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 003B26D0
                                                          • SelectObject.GDI32(?,?), ref: 003B26D8
                                                          • DeleteObject.GDI32(?), ref: 003B26E1
                                                          • DeleteDC.GDI32(?), ref: 003B26E8
                                                          • ReleaseDC.USER32(00000000,?), ref: 003B26F3
                                                          Similarity
                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                          • String ID: (
                                                          • API String ID: 2598888154-3887548279
                                                          APIs
                                                          • ___free_lconv_mon.LIBCMT ref: 0036DAA1
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D659
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D66B
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D67D
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D68F
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6A1
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6B3
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6C5
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6D7
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6E9
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D6FB
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D70D
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D71F
                                                            • Part of subcall function 0036D63C: _free.LIBCMT ref: 0036D731
                                                          • _free.LIBCMT ref: 0036DA96
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • _free.LIBCMT ref: 0036DAB8
                                                          • _free.LIBCMT ref: 0036DACD
                                                          • _free.LIBCMT ref: 0036DAD8
                                                          • _free.LIBCMT ref: 0036DAFA
                                                          • _free.LIBCMT ref: 0036DB0D
                                                          • _free.LIBCMT ref: 0036DB1B
                                                          • _free.LIBCMT ref: 0036DB26
                                                          • _free.LIBCMT ref: 0036DB5E
                                                          • _free.LIBCMT ref: 0036DB65
                                                          • _free.LIBCMT ref: 0036DB82
                                                          • _free.LIBCMT ref: 0036DB9A
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                          • String ID:
                                                          • API String ID: 161543041-0
                                                          • Opcode ID: 278177196097487cac48de3a350a71367e66c0310c5230840ccae3f19cb8f322
                                                          • Instruction ID: dfc110e27de1b08c7e9c5d28a5194ca201564474e56af22a5237be7576bcf861
                                                          • Opcode Fuzzy Hash: 278177196097487cac48de3a350a71367e66c0310c5230840ccae3f19cb8f322
                                                          • Instruction Fuzzy Hash: A6315A31B046049FEB27AA79E845B6B77E9FF42350F16C419E449DB199DB30AC508720
                                                          APIs
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0039369C
                                                          • _wcslen.LIBCMT ref: 003936A7
                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00393797
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 0039380C
                                                          • GetDlgCtrlID.USER32(?), ref: 0039385D
                                                          • GetWindowRect.USER32(?,?), ref: 00393882
                                                          • GetParent.USER32(?), ref: 003938A0
                                                          • ScreenToClient.USER32(00000000), ref: 003938A7
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00393921
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 0039395D
                                                          Strings
                                                          Similarity
                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                          • String ID: %s%u
                                                          • API String ID: 4010501982-679674701
                                                          • Opcode ID: 5748febb2b875b52b7824c17dc473fbeb6ca6a0dd5ecd003dacd9614d32afd35
                                                          • Instruction ID: a648bcd9a0d8653c253dd18489b8d66cd5745203d74aaeb2d8ee2e2aad52fb8f
                                                          • Opcode Fuzzy Hash: 5748febb2b875b52b7824c17dc473fbeb6ca6a0dd5ecd003dacd9614d32afd35
                                                          • Instruction Fuzzy Hash: 1791B3B1204606AFDB1ADF64C885FEAF7A8FF44350F008529F999D6190DB30EA59CB91
                                                          APIs
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00394994
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 003949DA
                                                          • _wcslen.LIBCMT ref: 003949EB
                                                          • CharUpperBuffW.USER32(?,00000000), ref: 003949F7
                                                          • _wcsstr.LIBVCRUNTIME ref: 00394A2C
                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00394A64
                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00394A9D
                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00394AE6
                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00394B20
                                                          • GetWindowRect.USER32(?,?), ref: 00394B8B
                                                          Strings
                                                          Similarity
                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                          • String ID: ThumbnailClass
                                                          • API String ID: 1311036022-1241985126
                                                          • Opcode ID: 210c1f81d6bb26001a7abf102b0a2b2a5b867d8f13517cefe66c46e7e29ed6d6
                                                          • Instruction ID: f5db9d029bac249ef57305214df8310d543c629ec440f2e50064f5608c127cc6
                                                          • Opcode Fuzzy Hash: 210c1f81d6bb26001a7abf102b0a2b2a5b867d8f13517cefe66c46e7e29ed6d6
                                                          • Instruction Fuzzy Hash: BA91A1721082059FDF06DF14C985FAA77E8FF84314F05846AFD899A196EB30ED46CBA1
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(00401990,000000FF,00000000,00000030), ref: 0039BFAC
                                                          • SetMenuItemInfoW.USER32(00401990,00000004,00000000,00000030), ref: 0039BFE1
                                                          • Sleep.KERNEL32(000001F4), ref: 0039BFF3
                                                          • GetMenuItemCount.USER32(?), ref: 0039C039
                                                          • GetMenuItemID.USER32(?,00000000), ref: 0039C056
                                                          • GetMenuItemID.USER32(?,-00000001), ref: 0039C082
                                                          • GetMenuItemID.USER32(?,?), ref: 0039C0C9
                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0039C10F
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0039C124
                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0039C145
                                                          Strings
                                                          Similarity
                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                          • String ID: 0
                                                          • API String ID: 1460738036-4108050209
                                                          • Opcode ID: 35d09d7643f3883e59f2534b1c1616ed7cb34dbcc35218ba7578beba931a9402
                                                          • Instruction ID: 29fb9181a636f500f968dcba9fc60bb179ff1b6705d78cfff31dd83ac54dbfcf
                                                          • Opcode Fuzzy Hash: 35d09d7643f3883e59f2534b1c1616ed7cb34dbcc35218ba7578beba931a9402
                                                          • Instruction Fuzzy Hash: 66619EB092024AAFDF12CF64DD88EEEBBB8EB06344F015159F815A7292C735ED45CB60
                                                          APIs
                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003BCC64
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 003BCC8D
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003BCD48
                                                            • Part of subcall function 003BCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 003BCCAA
                                                            • Part of subcall function 003BCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 003BCCBD
                                                            • Part of subcall function 003BCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003BCCCF
                                                            • Part of subcall function 003BCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 003BCD05
                                                            • Part of subcall function 003BCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 003BCD28
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 003BCCF3
                                                          Strings
                                                          Similarity
                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                          • API String ID: 2734957052-4033151799
                                                          • Opcode ID: 79634a6c6e22e14e546e98f3014191d0ce55a44d14f00d2020aead9a063b073f
                                                          • Instruction ID: a43ffb52aa72931739b60d47447d44d2582763403a39ff6c64ac50f65ac4f65f
                                                          • Opcode Fuzzy Hash: 79634a6c6e22e14e546e98f3014191d0ce55a44d14f00d2020aead9a063b073f
                                                          • Instruction Fuzzy Hash: 7C31A075911129BBD7328B51DC88EFFBB7CEF51744F001169EA0AE2100D6309A46DBA0
                                                          APIs
                                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003A3D40
                                                          • _wcslen.LIBCMT ref: 003A3D6D
                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 003A3D9D
                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003A3DBE
                                                          • RemoveDirectoryW.KERNEL32(?), ref: 003A3DCE
                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 003A3E55
                                                          • CloseHandle.KERNEL32(00000000), ref: 003A3E60
                                                          • CloseHandle.KERNEL32(00000000), ref: 003A3E6B
                                                          Strings
                                                          Similarity
                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                          • String ID: :$\$\??\%s
                                                          • API String ID: 1149970189-3457252023
                                                          • Opcode ID: 3bb663f31cdf899763a251524a5b1eed83481df6f28c52c52687b3dccf5b5034
                                                          • Instruction ID: 147c97d67ffc27786b93a36e5bd99985fdc4abaf657f527c906cc6598af742f1
                                                          • Opcode Fuzzy Hash: 3bb663f31cdf899763a251524a5b1eed83481df6f28c52c52687b3dccf5b5034
                                                          • Instruction Fuzzy Hash: 2031C276910209ABDB229FA0DC49FEF37BCEF89740F1141B5FA09D6060EB74A7448B64
                                                          APIs
                                                          • timeGetTime.WINMM ref: 0039E6B4
                                                            • Part of subcall function 0034E551: timeGetTime.WINMM(?,?,0039E6D4), ref: 0034E555
                                                          • Sleep.KERNEL32(0000000A), ref: 0039E6E1
                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0039E705
                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0039E727
                                                          • SetActiveWindow.USER32 ref: 0039E746
                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0039E754
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0039E773
                                                          • Sleep.KERNEL32(000000FA), ref: 0039E77E
                                                          • IsWindow.USER32 ref: 0039E78A
                                                          • EndDialog.USER32(00000000), ref: 0039E79B
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                          • String ID: BUTTON
                                                          • API String ID: 1194449130-3405671355
                                                          • Opcode ID: be737da9fb929e383571a955436125f0c82f3ae6c695beee5843a908c82b4f26
                                                          • Instruction ID: ebb1aa120ed037245db8b26b3c5e69ffd9e376789b486543b344a98aa56c72f4
                                                          • Opcode Fuzzy Hash: be737da9fb929e383571a955436125f0c82f3ae6c695beee5843a908c82b4f26
                                                          • Instruction Fuzzy Hash: EE2150B0210205AFFF03AF61EE8DE253B6DF755748F181834F915E15A1DBB2AC408B19
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0039EA5D
                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0039EA73
                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0039EA84
                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0039EA96
                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0039EAA7
                                                          Strings
                                                          Similarity
                                                          • API ID: SendString$_wcslen
                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                          • API String ID: 2420728520-1007645807
                                                          • Opcode ID: 7af52402bff7cbbd550038b61d434d240f5be0d11ed818a6f214b1214d44723a
                                                          • Instruction ID: 18d869fd9af7cc97c36932f1d242e6ef5431f4344e293f3f38239a94e9d51967
                                                          • Opcode Fuzzy Hash: 7af52402bff7cbbd550038b61d434d240f5be0d11ed818a6f214b1214d44723a
                                                          • Instruction Fuzzy Hash: 84117331A9025D79EB22E7A1DC8AEFF6A7CEBD1B00F404429F501A60E1EFB05D05C6B0
                                                          APIs
                                                          • GetKeyboardState.USER32(?), ref: 0039A012
                                                          • SetKeyboardState.USER32(?), ref: 0039A07D
                                                          • GetAsyncKeyState.USER32(000000A0), ref: 0039A09D
                                                          • GetKeyState.USER32(000000A0), ref: 0039A0B4
                                                          • GetAsyncKeyState.USER32(000000A1), ref: 0039A0E3
                                                          • GetKeyState.USER32(000000A1), ref: 0039A0F4
                                                          • GetAsyncKeyState.USER32(00000011), ref: 0039A120
                                                          • GetKeyState.USER32(00000011), ref: 0039A12E
                                                          • GetAsyncKeyState.USER32(00000012), ref: 0039A157
                                                          • GetKeyState.USER32(00000012), ref: 0039A165
                                                          • GetAsyncKeyState.USER32(0000005B), ref: 0039A18E
                                                          • GetKeyState.USER32(0000005B), ref: 0039A19C
                                                          Similarity
                                                          • API ID: State$Async$Keyboard
                                                          • String ID:
                                                          • API String ID: 541375521-0
                                                          • Opcode ID: c9fd9c5e714906a95d7ea9b81d5bd504792c0c95a772b5b79bbf5520b93d79bf
                                                          • Instruction ID: cc754b129c49be037475d4bc77b808fb043367ba251bcb082fe99461e318fcb3
                                                          • Opcode Fuzzy Hash: c9fd9c5e714906a95d7ea9b81d5bd504792c0c95a772b5b79bbf5520b93d79bf
                                                          • Instruction Fuzzy Hash: F751CB31904B8429FF37DB6489117EAFFF49F12384F09469ED5C25B1C2DA54AA4CC7A2
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000001), ref: 00395CE2
                                                          • GetWindowRect.USER32(00000000,?), ref: 00395CFB
                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00395D59
                                                          • GetDlgItem.USER32(?,00000002), ref: 00395D69
                                                          • GetWindowRect.USER32(00000000,?), ref: 00395D7B
                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00395DCF
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00395DDD
                                                          • GetWindowRect.USER32(00000000,?), ref: 00395DEF
                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00395E31
                                                          • GetDlgItem.USER32(?,000003EA), ref: 00395E44
                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00395E5A
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00395E67
                                                          Similarity
                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                          • String ID:
                                                          • API String ID: 3096461208-0
                                                          • Opcode ID: bbbb8b30795dc8d805294a2373fde12f5eb007d78286525bd5acc2dfcad9a973
                                                          • Instruction ID: c04fe0b5d07e128d35d6adc3ca1b8750af2a824d7ed06abfefab392f042b5ac9
                                                          • Opcode Fuzzy Hash: bbbb8b30795dc8d805294a2373fde12f5eb007d78286525bd5acc2dfcad9a973
                                                          • Instruction Fuzzy Hash: 2F512DB1B10605AFDF19DF68CD89EAEBBB9FB48300F148129F519E6290D770AE40CB50
                                                          APIs
                                                            • Part of subcall function 00348F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00348BE8,?,00000000,?,?,?,?,00348BBA,00000000,?), ref: 00348FC5
                                                          • DestroyWindow.USER32(?), ref: 00348C81
                                                          • KillTimer.USER32(00000000,?,?,?,?,00348BBA,00000000,?), ref: 00348D1B
                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00386973
                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00348BBA,00000000,?), ref: 003869A1
                                                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00348BBA,00000000,?), ref: 003869B8
                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00348BBA,00000000), ref: 003869D4
                                                          • DeleteObject.GDI32(00000000), ref: 003869E6
                                                          Similarity
                                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                          • String ID:
                                                          • API String ID: 641708696-0
                                                          • Opcode ID: 4a9aebc986ef8dc2a303b0086e883644fab3776a2c94a49019d18cd8acee7a59
                                                          • Instruction ID: 8e0e7c5f1bcc7f64df366fd208e21300ea2487ed63d62ca343bf45ee07faaff3
                                                          • Opcode Fuzzy Hash: 4a9aebc986ef8dc2a303b0086e883644fab3776a2c94a49019d18cd8acee7a59
                                                          • Instruction Fuzzy Hash: 36617871502710DFCB27AF14DA89B29B7F5FB40312F159568E046AA9B0CB35BD90CF94
                                                          APIs
                                                            • Part of subcall function 00349944: GetWindowLongW.USER32(?,000000EB), ref: 00349952
                                                          • GetSysColor.USER32(0000000F), ref: 00349862
                                                          Similarity
                                                          • API ID: ColorLongWindow
                                                          • String ID:
                                                          • API String ID: 259745315-0
                                                          • Opcode ID: 9320c48d443e5b82404dbade91b60119ed4079fa97096230c6f5663ba2c6469e
                                                          • Instruction ID: cea4c19b6bb1628bbceae7e752306fff377673fdf6d883762f4029431c03b37b
                                                          • Opcode Fuzzy Hash: 9320c48d443e5b82404dbade91b60119ed4079fa97096230c6f5663ba2c6469e
                                                          • Instruction Fuzzy Hash: A34185311046409FDB225F3D9C44FBA37E9AB46330F294656F9A68B1E1D731EC42DB10
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .5
                                                          • API String ID: 0-4279605997
                                                          • Opcode ID: 6e74fb9ef035ad728cab610ef64f8ca428c56f403ef154eba81718253c84b15a
                                                          • Instruction ID: d5c903947fd9e1a93b36358c201cc5ba80de059ce4d2226aa7d400276af59efd
                                                          • Opcode Fuzzy Hash: 6e74fb9ef035ad728cab610ef64f8ca428c56f403ef154eba81718253c84b15a
                                                          • Instruction Fuzzy Hash: A3C1F674D04249AFCF13DFA8D841BADBBB8AF0D310F05815AF815AB396CB719941CB61
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0037F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00399717
                                                          • LoadStringW.USER32(00000000,?,0037F7F8,00000001), ref: 00399720
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0037F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00399742
                                                          • LoadStringW.USER32(00000000,?,0037F7F8,00000001), ref: 00399745
                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00399866
                                                          Strings
                                                          Similarity
                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                          • API String ID: 747408836-2268648507
                                                          • Opcode ID: a77d6fc594b57b4905aa7d3ea5f24b5626677e96dac756ef37af0ef58e1ca77a
                                                          • Instruction ID: d8199f90e3e5e1f3f5981dc8fe3aa7bbf71795182e6faa6172313a7aeed73516
                                                          • Opcode Fuzzy Hash: a77d6fc594b57b4905aa7d3ea5f24b5626677e96dac756ef37af0ef58e1ca77a
                                                          • Instruction Fuzzy Hash: 76414072904109AACF06FBE4CE86EEE737CAF55340F10406AF6057A092EB756F48CB61
                                                          APIs
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 003907A2
                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 003907BE
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 003907DA
                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00390804
                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0039082C
                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00390837
                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0039083C
                                                          Strings
                                                          Similarity
                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                          • API String ID: 323675364-22481851
                                                          • Opcode ID: e57c1433d0dba7a52a9ac717bf690938220e184be316cd02c42104f773c0c76c
                                                          • Instruction ID: 18d130fdfe1bfb7c468a31f999b82813247d0794c837a29c3d65f25f6f1ac539
                                                          • Opcode Fuzzy Hash: e57c1433d0dba7a52a9ac717bf690938220e184be316cd02c42104f773c0c76c
                                                          • Instruction Fuzzy Hash: DD411672D10229AFCF16EBA4DC95DEEB778BF44350F058169E905A7160EB70AE04CBA0
                                                          APIs
                                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 003C403B
                                                          • CreateCompatibleDC.GDI32(00000000), ref: 003C4042
                                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 003C4055
                                                          • SelectObject.GDI32(00000000,00000000), ref: 003C405D
                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 003C4068
                                                          • DeleteDC.GDI32(00000000), ref: 003C4072
                                                          • GetWindowLongW.USER32(?,000000EC), ref: 003C407C
                                                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 003C4092
                                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 003C409E
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                          • String ID: static
                                                          • API String ID: 2559357485-2160076837
                                                          • Opcode ID: 0a2a1014ab87eb7e60c8e3e3ac2aaed9aaed9f7b1eecf873dcd482d618b32d04
                                                          • Instruction ID: b6b9874b7855a76494b08fb27174c25fda71c864867e24fa4cc5f2b3e040d337
                                                          • Opcode Fuzzy Hash: 0a2a1014ab87eb7e60c8e3e3ac2aaed9aaed9f7b1eecf873dcd482d618b32d04
                                                          • Instruction Fuzzy Hash: 36313832551219ABDB229FA4CC49FDA3BA8EF09320F151219FA18E61A0C775EC21DB54
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 003B3C5C
                                                          • CoInitialize.OLE32(00000000), ref: 003B3C8A
                                                          • CoUninitialize.OLE32 ref: 003B3C94
                                                          • _wcslen.LIBCMT ref: 003B3D2D
                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 003B3DB1
                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 003B3ED5
                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 003B3F0E
                                                          • CoGetObject.OLE32(?,00000000,003CFB98,?), ref: 003B3F2D
                                                          • SetErrorMode.KERNEL32(00000000), ref: 003B3F40
                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003B3FC4
                                                          • VariantClear.OLEAUT32(?), ref: 003B3FD8
                                                          Similarity
                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                          • String ID:
                                                          • API String ID: 429561992-0
                                                          • Opcode ID: a1f1cdc8e3faf352e59a46e82ed33d5fc63a7b0f14f99c76fd91d4e4ffd6cf5e
                                                          • Instruction ID: 78cd39ea43c748729d74e0037ada10ea9b5b5c83eae1a73bdcefa253f2ea7bc5
                                                          • Opcode Fuzzy Hash: a1f1cdc8e3faf352e59a46e82ed33d5fc63a7b0f14f99c76fd91d4e4ffd6cf5e
                                                          • Instruction Fuzzy Hash: 4AC133716083159FD702DF68C88496BBBE9FF89748F14491DFA8A9B610DB30EE05CB52
                                                          APIs
                                                          • CoInitialize.OLE32(00000000), ref: 003A7AF3
                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003A7B8F
                                                          • SHGetDesktopFolder.SHELL32(?), ref: 003A7BA3
                                                          • CoCreateInstance.OLE32(003CFD08,00000000,00000001,003F6E6C,?), ref: 003A7BEF
                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003A7C74
                                                          • CoTaskMemFree.OLE32(?,?), ref: 003A7CCC
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 003A7D57
                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003A7D7A
                                                          • CoTaskMemFree.OLE32(00000000), ref: 003A7D81
                                                          • CoTaskMemFree.OLE32(00000000), ref: 003A7DD6
                                                          • CoUninitialize.OLE32 ref: 003A7DDC
                                                          Similarity
                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                          • String ID:
                                                          • API String ID: 2762341140-0
                                                          • Opcode ID: a69dca986f000bcdea0397e9fbb151549eec519e806077af1009081aa13cc71f
                                                          • Instruction ID: 8e061cccada9b1a6df678ac32e7a08089a3db931223882e89ea4a05acd496960
                                                          • Opcode Fuzzy Hash: a69dca986f000bcdea0397e9fbb151549eec519e806077af1009081aa13cc71f
                                                          • Instruction Fuzzy Hash: A0C11975A04209AFDB15DF64C8C8DAEBBB9FF49314F148499E81ADB261DB30ED41CB90
                                                          APIs
                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003C5504
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003C5515
                                                          • CharNextW.USER32(00000158), ref: 003C5544
                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003C5585
                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003C559B
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003C55AC
                                                          Similarity
                                                          • API ID: MessageSend$CharNext
                                                          • String ID:
                                                          • API String ID: 1350042424-0
                                                          • Opcode ID: f21112e81912598c437ed54f0767f0a3d534810b190190dca693c82580fb77c0
                                                          • Instruction ID: 626ba5d3d33078b0fa81ff6e589171cba67c51633fc7029a6b8baa7bfa8fd69c
                                                          • Opcode Fuzzy Hash: f21112e81912598c437ed54f0767f0a3d534810b190190dca693c82580fb77c0
                                                          • Instruction Fuzzy Hash: 64619C31904608ABDF129F55CC84EFE7BBDEB0A321F148149F925EA291D774AEC0DB60
                                                          APIs
                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0038FAAF
                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 0038FB08
                                                          • VariantInit.OLEAUT32(?), ref: 0038FB1A
                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0038FB3A
                                                          • VariantCopy.OLEAUT32(?,?), ref: 0038FB8D
                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 0038FBA1
                                                          • VariantClear.OLEAUT32(?), ref: 0038FBB6
                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 0038FBC3
                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0038FBCC
                                                          • VariantClear.OLEAUT32(?), ref: 0038FBDE
                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0038FBE9
                                                          Similarity
                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                          • String ID:
                                                          • API String ID: 2706829360-0
                                                          • Opcode ID: fea73892ba9267a2ac5d0ae0923b9df779f6ee6516a61563f6f1157ac6b67fc6
                                                          • Instruction ID: a8036d78228577713be62477fbfec92dc105e5df2a0807285849826922621b11
                                                          • Opcode Fuzzy Hash: fea73892ba9267a2ac5d0ae0923b9df779f6ee6516a61563f6f1157ac6b67fc6
                                                          • Instruction Fuzzy Hash: FF414035A102199FCF06EF65C854DAEBBB9FF48354F008069E94AEB261DB34A945CF90
                                                          APIs
                                                          • GetKeyboardState.USER32(?), ref: 00399CA1
                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00399D22
                                                          • GetKeyState.USER32(000000A0), ref: 00399D3D
                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00399D57
                                                          • GetKeyState.USER32(000000A1), ref: 00399D6C
                                                          • GetAsyncKeyState.USER32(00000011), ref: 00399D84
                                                          • GetKeyState.USER32(00000011), ref: 00399D96
                                                          • GetAsyncKeyState.USER32(00000012), ref: 00399DAE
                                                          • GetKeyState.USER32(00000012), ref: 00399DC0
                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00399DD8
                                                          • GetKeyState.USER32(0000005B), ref: 00399DEA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: State$Async$Keyboard
                                                          • String ID:
                                                          • API String ID: 541375521-0
                                                          • Opcode ID: b98c7967782f442c2b3fded549523d997c5d185dd8961d8226728cbadfeea2cf
                                                          • Instruction ID: 2b3450c2721d428efbef5f0b450f49eb4270e5d2071ee807e3c20b32c77d21a1
                                                          • Opcode Fuzzy Hash: b98c7967782f442c2b3fded549523d997c5d185dd8961d8226728cbadfeea2cf
                                                          • Instruction Fuzzy Hash: 7E41E7349047C96DFF33876988447B5BEA06F12344F09805FDAC6565C2EBA5ADC8CBA2
                                                          APIs
                                                          • WSAStartup.WSOCK32(00000101,?), ref: 003B05BC
                                                          • inet_addr.WSOCK32(?), ref: 003B061C
                                                          • gethostbyname.WSOCK32(?), ref: 003B0628
                                                          • IcmpCreateFile.IPHLPAPI ref: 003B0636
                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003B06C6
                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003B06E5
                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 003B07B9
                                                          • WSACleanup.WSOCK32 ref: 003B07BF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                          • String ID: Ping
                                                          • API String ID: 1028309954-2246546115
                                                          • Opcode ID: bcb1a0f430e28b3d242354bc25e787c7298416dab7b969ce3c2a4068d8ea6608
                                                          • Instruction ID: 6d2aa10958ee4f5f17ef04fcb883f46f0e2eb050c562e85890404565c9fdad84
                                                          • Opcode Fuzzy Hash: bcb1a0f430e28b3d242354bc25e787c7298416dab7b969ce3c2a4068d8ea6608
                                                          • Instruction Fuzzy Hash: 86918C356082019FD326DF15C889F5ABBE4EF44318F1985A9E5698FAA2CB30FD41CF81
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharLower
                                                          • String ID: cdecl$none$stdcall$winapi
                                                          • API String ID: 707087890-567219261
                                                          • Opcode ID: 675da58a37a4f1bef0f6adae3d0e05855f85c38f3ccac47b0b06820331407fe0
                                                          • Instruction ID: a85944c476fdbb752786f7c2737a2d5d6162752842f0496ea8cc5f1a2fb298aa
                                                          • Opcode Fuzzy Hash: 675da58a37a4f1bef0f6adae3d0e05855f85c38f3ccac47b0b06820331407fe0
                                                          • Instruction Fuzzy Hash: 5551A431A041169BCF16DF6CC9519FEB7A9BF64328B21422AEA56EB6C4DB30DD40C790
                                                          APIs
                                                          • CoInitialize.OLE32 ref: 003B3774
                                                          • CoUninitialize.OLE32 ref: 003B377F
                                                          • CoCreateInstance.OLE32(?,00000000,00000017,003CFB78,?), ref: 003B37D9
                                                          • IIDFromString.OLE32(?,?), ref: 003B384C
                                                          • VariantInit.OLEAUT32(?), ref: 003B38E4
                                                          • VariantClear.OLEAUT32(?), ref: 003B3936
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                          • API String ID: 636576611-1287834457
                                                          • Opcode ID: 36fbcd15a4042c74752b99d856bfd0f25aefa7a015b50762f8aeb36f15491a8d
                                                          • Instruction ID: 6c2145bdeead7718e51a84abba2150945bef5494e42ae324d084d3358f3a7efd
                                                          • Opcode Fuzzy Hash: 36fbcd15a4042c74752b99d856bfd0f25aefa7a015b50762f8aeb36f15491a8d
                                                          • Instruction Fuzzy Hash: 7961B171608321AFD712DF54C889FAAB7E8EF49718F004809F685DB691D770EE48CB92
                                                          APIs
                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 003A33CF
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 003A33F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: LoadString$_wcslen
                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                          • API String ID: 4099089115-3080491070
                                                          • Opcode ID: 065efaeebd0c1db42549896b97385dad9f45ab479c69129533afb7bf4def65ff
                                                          • Instruction ID: 94d66acb8dfe47d23b566a440513900d68ccecd0b59de5942d836da1b91f7433
                                                          • Opcode Fuzzy Hash: 065efaeebd0c1db42549896b97385dad9f45ab479c69129533afb7bf4def65ff
                                                          • Instruction Fuzzy Hash: 11518F72D00209AADF17EBA0CD86EEEB778EF05340F108166F5057A062EB716F58DB60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                          • API String ID: 1256254125-769500911
                                                          • Opcode ID: ade565452ec94c7356d9eebce60abb4553e05a29da88626a4a516b345ad0bbb1
                                                          • Instruction ID: 96d3b64e85b544d0daae8fc646399a6cb80f3c916a0e808293005defd1b34887
                                                          • Opcode Fuzzy Hash: ade565452ec94c7356d9eebce60abb4553e05a29da88626a4a516b345ad0bbb1
                                                          • Instruction Fuzzy Hash: 7D41F832A000279BCF116F7DDE915BEF7A5AFA0754B264229E461DB284E731ED81C790
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 003A53A0
                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003A5416
                                                          • GetLastError.KERNEL32 ref: 003A5420
                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 003A54A7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                          • API String ID: 4194297153-14809454
                                                          • Opcode ID: ac2a2c96f2756d6f2e4d7d95ac0d67541d44cf8a6d3ca421f8e07bde624a7034
                                                          • Instruction ID: 2056a1371d0bfa673f0b16fafd0cc8533d71c99014063813e573572eb57ca595
                                                          • Opcode Fuzzy Hash: ac2a2c96f2756d6f2e4d7d95ac0d67541d44cf8a6d3ca421f8e07bde624a7034
                                                          • Instruction Fuzzy Hash: A631D335A00604DFC712DF6AC485EA97BB8EF1A305F188055E505CF652DB74ED82CB90
                                                          APIs
                                                          • CreateMenu.USER32 ref: 003C3C79
                                                          • SetMenu.USER32(?,00000000), ref: 003C3C88
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C3D10
                                                          • IsMenu.USER32(?), ref: 003C3D24
                                                          • CreatePopupMenu.USER32 ref: 003C3D2E
                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003C3D5B
                                                          • DrawMenuBar.USER32 ref: 003C3D63
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                          • String ID: 0$F
                                                          • API String ID: 161812096-3044882817
                                                          • Opcode ID: 5b7ac8a325afb560152c3f053aeb4a9d1a80b2b070959cc40a574ceb75a214d3
                                                          • Instruction ID: 292b0ed4645cce2b5dfc9be98ade5e7ac90803390a47bea86ca1cbe88facf5c2
                                                          • Opcode Fuzzy Hash: 5b7ac8a325afb560152c3f053aeb4a9d1a80b2b070959cc40a574ceb75a214d3
                                                          • Instruction Fuzzy Hash: FF415975A01209AFDB15CF64D848FAA7BB9FF4A350F15402CE946E7360D731AE10CB94
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00391F64
                                                          • GetDlgCtrlID.USER32 ref: 00391F6F
                                                          • GetParent.USER32 ref: 00391F8B
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00391F8E
                                                          • GetDlgCtrlID.USER32(?), ref: 00391F97
                                                          • GetParent.USER32(?), ref: 00391FAB
                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00391FAE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 711023334-1403004172
                                                          • Opcode ID: d800c99edc1cf51122ba453568410eac82a861c6aee90ff6fe76bfe0bbeb5e4a
                                                          • Instruction ID: 5c64c28c7114e9ad2e1f551c2fb253fd568499272a332b902a4786ce79048e7b
                                                          • Opcode Fuzzy Hash: d800c99edc1cf51122ba453568410eac82a861c6aee90ff6fe76bfe0bbeb5e4a
                                                          • Instruction Fuzzy Hash: AC21D471940218BBCF06AFA0CC85EFEFBB8EF05310F001256F966AB2A1CB755914DB60
                                                          APIs
                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003C3A9D
                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003C3AA0
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C3AC7
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003C3AEA
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003C3B62
                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 003C3BAC
                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 003C3BC7
                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 003C3BE2
                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 003C3BF6
                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 003C3C13
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$LongWindow
                                                          • String ID:
                                                          • API String ID: 312131281-0
                                                          • Opcode ID: 26b5531d4a7ea3b957e06b9065284c0a13683d04dcfefc3ce1d7da5a74432f59
                                                          • Instruction ID: f2f70812aee2608e0b5ad3995fbe8d521817498e62f6b6a424d07b88d3379393
                                                          • Opcode Fuzzy Hash: 26b5531d4a7ea3b957e06b9065284c0a13683d04dcfefc3ce1d7da5a74432f59
                                                          • Instruction Fuzzy Hash: 38616B75900248AFDB11DFA8CD81FEE77B8EB09700F1081A9FA15EB2A1D774AE45DB50
                                                          APIs
                                                          • GetCurrentThreadId.KERNEL32 ref: 0039B151
                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B165
                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 0039B16C
                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B17B
                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 0039B18D
                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B1A6
                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B1B8
                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B1FD
                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B212
                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0039A1E1,?,00000001), ref: 0039B21D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                          • String ID:
                                                          • API String ID: 2156557900-0
                                                          APIs
                                                          • _free.LIBCMT ref: 00362C94
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • _free.LIBCMT ref: 00362CA0
                                                          • _free.LIBCMT ref: 00362CAB
                                                          • _free.LIBCMT ref: 00362CB6
                                                          • _free.LIBCMT ref: 00362CC1
                                                          • _free.LIBCMT ref: 00362CCC
                                                          • _free.LIBCMT ref: 00362CD7
                                                          • _free.LIBCMT ref: 00362CE2
                                                          • _free.LIBCMT ref: 00362CED
                                                          • _free.LIBCMT ref: 00362CFB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          APIs
                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00331459
                                                          • OleUninitialize.OLE32(?,00000000), ref: 003314F8
                                                          • UnregisterHotKey.USER32(?), ref: 003316DD
                                                          • DestroyWindow.USER32(?), ref: 003724B9
                                                          • FreeLibrary.KERNEL32(?), ref: 0037251E
                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0037254B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                          • String ID: close all
                                                          • API String ID: 469580280-3243417748
                                                          APIs
                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003A7FAD
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A7FC1
                                                          • GetFileAttributesW.KERNEL32(?), ref: 003A7FEB
                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 003A8005
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A8017
                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 003A8060
                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 003A80B0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CurrentDirectory$AttributesFile
                                                          • String ID: *.*
                                                          • API String ID: 769691225-438819550
                                                          APIs
                                                          • SetWindowLongW.USER32(?,000000EB), ref: 00335C7A
                                                            • Part of subcall function 00335D0A: GetClientRect.USER32(?,?), ref: 00335D30
                                                            • Part of subcall function 00335D0A: GetWindowRect.USER32(?,?), ref: 00335D71
                                                            • Part of subcall function 00335D0A: ScreenToClient.USER32(?,?), ref: 00335D99
                                                          • GetDC.USER32 ref: 003746F5
                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00374708
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00374716
                                                          • SelectObject.GDI32(00000000,00000000), ref: 0037472B
                                                          • ReleaseDC.USER32(?,00000000), ref: 00374733
                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003747C4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                          • String ID: U
                                                          • API String ID: 4009187628-3372436214
                                                          APIs
                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003A35E4
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • LoadStringW.USER32(00402390,?,00000FFF,?), ref: 003A360A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: LoadString$_wcslen
                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                          • API String ID: 4099089115-2391861430
                                                          APIs
                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003AC272
                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003AC29A
                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003AC2CA
                                                          • GetLastError.KERNEL32 ref: 003AC322
                                                          • SetEvent.KERNEL32(?), ref: 003AC336
                                                          • InternetCloseHandle.WININET(00000000), ref: 003AC341
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                          • String ID:
                                                          • API String ID: 3113390036-3916222277
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00373AAF,?,?,Bad directive syntax error,003CCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 003998BC
                                                          • LoadStringW.USER32(00000000,?,00373AAF,?), ref: 003998C3
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00399987
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                          • API String ID: 858772685-4153970271
                                                          APIs
                                                          • GetParent.USER32 ref: 003920AB
                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 003920C0
                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0039214D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: ClassMessageNameParentSend
                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                          • API String ID: 1290815626-3381328864
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                          • String ID:
                                                          • API String ID: 1282221369-0
                                                          APIs
                                                          • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 003C5186
                                                          • ShowWindow.USER32(?,00000000), ref: 003C51C7
                                                          • ShowWindow.USER32(?,00000005,?,00000000), ref: 003C51CD
                                                          • SetFocus.USER32(?,?,00000005,?,00000000), ref: 003C51D1
                                                            • Part of subcall function 003C6FBA: DeleteObject.GDI32(00000000), ref: 003C6FE6
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C520D
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003C521A
                                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003C524D
                                                          • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 003C5287
                                                          • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 003C5296
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                          • String ID:
                                                          • API String ID: 3210457359-0
                                                          • Opcode ID: 2e3559d66c1b37e77705442ec7fbfdc7b2e10e323fde04131ca4e7f09ed80f0f
                                                          • Instruction ID: bb8ca34b6e25b1bc27e653dcfc8d70e2ecfc47889d0f2d46607ab432b678e359
                                                          • Opcode Fuzzy Hash: 2e3559d66c1b37e77705442ec7fbfdc7b2e10e323fde04131ca4e7f09ed80f0f
                                                          • Instruction Fuzzy Hash: F351B130A50A08BEEF229F24CC4AFD97BA9EB05321F59441AF615DA2E1C775BDD0DB40
                                                          APIs
                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00386890
                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 003868A9
                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 003868B9
                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 003868D1
                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003868F2
                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00348874,00000000,00000000,00000000,000000FF,00000000), ref: 00386901
                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0038691E
                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00348874,00000000,00000000,00000000,000000FF,00000000), ref: 0038692D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                          • String ID:
                                                          • API String ID: 1268354404-0
                                                          • Opcode ID: 99eb88ef82c564c2edca5600891d728ecbf5c1cba58701107ec02efccd694e46
                                                          • Instruction ID: 4753c51287c0d3330b7f10c7b0f505c3bc5d0f6e083dbdabdef7fc008520723c
                                                          • Opcode Fuzzy Hash: 99eb88ef82c564c2edca5600891d728ecbf5c1cba58701107ec02efccd694e46
                                                          • Instruction Fuzzy Hash: 22514970600305AFDB22DF25CC56FAA7BB9EB44750F104528F956DA2A0DB70E991DB50
                                                          APIs
                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003AC182
                                                          • GetLastError.KERNEL32 ref: 003AC195
                                                          • SetEvent.KERNEL32(?), ref: 003AC1A9
                                                            • Part of subcall function 003AC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003AC272
                                                            • Part of subcall function 003AC253: GetLastError.KERNEL32 ref: 003AC322
                                                            • Part of subcall function 003AC253: SetEvent.KERNEL32(?), ref: 003AC336
                                                            • Part of subcall function 003AC253: InternetCloseHandle.WININET(00000000), ref: 003AC341
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                          • String ID:
                                                          • API String ID: 337547030-0
                                                          • Opcode ID: 57d17a86eaef8aef3836bfccf98c291e9238b8a1cb137c1d724559e46298f0b1
                                                          • Instruction ID: b4a7cb2b55c1817c39263daf55ea6d469cfaa13dffd464c74ff99435e24916ba
                                                          • Opcode Fuzzy Hash: 57d17a86eaef8aef3836bfccf98c291e9238b8a1cb137c1d724559e46298f0b1
                                                          • Instruction Fuzzy Hash: 93319271220605AFDF229FA5DD44A66BBFCFF1A300F04681DF95AC6A11D731E814DBA0
                                                          APIs
                                                            • Part of subcall function 00393A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00393A57
                                                            • Part of subcall function 00393A3D: GetCurrentThreadId.KERNEL32 ref: 00393A5E
                                                            • Part of subcall function 00393A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003925B3), ref: 00393A65
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 003925BD
                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003925DB
                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 003925DF
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 003925E9
                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00392601
                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00392605
                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0039260F
                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00392623
                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00392627
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                          • String ID:
                                                          • API String ID: 2014098862-0
                                                          • Opcode ID: 93044fb3aad5468c8b85b3c1024fa2cf923f9fd0855b41460a67abb36d52222b
                                                          • Instruction ID: a60c99f244a82fe7823acd25991b7a2366f235888459df3b575f258c94a34b4e
                                                          • Opcode Fuzzy Hash: 93044fb3aad5468c8b85b3c1024fa2cf923f9fd0855b41460a67abb36d52222b
                                                          • Instruction Fuzzy Hash: 8B01DF307A0610BBFB2167699C8AF5A7F5DDB4EB12F111001F358EE1E1C9E224448BAA
                                                          APIs
                                                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00391449,?,?,00000000), ref: 0039180C
                                                          • HeapAlloc.KERNEL32(00000000,?,00391449,?,?,00000000), ref: 00391813
                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00391449,?,?,00000000), ref: 00391828
                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00391449,?,?,00000000), ref: 00391830
                                                          • DuplicateHandle.KERNEL32(00000000,?,00391449,?,?,00000000), ref: 00391833
                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00391449,?,?,00000000), ref: 00391843
                                                          • GetCurrentProcess.KERNEL32(00391449,00000000,?,00391449,?,?,00000000), ref: 0039184B
                                                          • DuplicateHandle.KERNEL32(00000000,?,00391449,?,?,00000000), ref: 0039184E
                                                          • CreateThread.KERNEL32(00000000,00000000,00391874,00000000,00000000,00000000), ref: 00391868
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                          • String ID:
                                                          • API String ID: 1957940570-0
                                                          • Opcode ID: eaa40f481eb2e7add0321592056a9f682d1f07d4055a789078cc9274d4e8946e
                                                          • Instruction ID: b1b700a873c485e482fd71dca7e9392ba09844114cf726ae414e8345e66cba38
                                                          • Opcode Fuzzy Hash: eaa40f481eb2e7add0321592056a9f682d1f07d4055a789078cc9274d4e8946e
                                                          • Instruction Fuzzy Hash: 3501CDB5250348BFE711AFB6DC4DF6B3BACEB89B11F045411FA09DB1A1CA74A800CB20
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: __alldvrm$_strrchr
                                                          • String ID: }}5$}}5$}}5
                                                          • API String ID: 1036877536-2827342321
                                                          • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                          • Instruction ID: 0261366093a84c2e944edffbfb30c05512d1d105d2c9f83f888c52afd29f5f7c
                                                          • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                          • Instruction Fuzzy Hash: 23A13672E003969FDB27CF18C8917AEFBE4EF66350F15816DE5859F286C2388981C750
                                                          APIs
                                                            • Part of subcall function 0039D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0039D501
                                                            • Part of subcall function 0039D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0039D50F
                                                            • Part of subcall function 0039D4DC: CloseHandle.KERNEL32(00000000), ref: 0039D5DC
                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003BA16D
                                                          • GetLastError.KERNEL32 ref: 003BA180
                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003BA1B3
                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 003BA268
                                                          • GetLastError.KERNEL32(00000000), ref: 003BA273
                                                          • CloseHandle.KERNEL32(00000000), ref: 003BA2C4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                          • String ID: SeDebugPrivilege
                                                          • API String ID: 2533919879-2896544425
                                                          • Opcode ID: 64232c8e677c9fa6148473354d9beefab5a04011d07ae75428ae2a799a328524
                                                          • Instruction ID: a207151200fc5af053a5e8eb23148e5c5a06724e922290acc59c596a0e763207
                                                          • Opcode Fuzzy Hash: 64232c8e677c9fa6148473354d9beefab5a04011d07ae75428ae2a799a328524
                                                          • Instruction Fuzzy Hash: 7D61DF34204A42AFD722DF18C484F55BBE4AF44318F19848CE5668FBA3C776EC45CB82
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003C3925
                                                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 003C393A
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003C3954
                                                          • _wcslen.LIBCMT ref: 003C3999
                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 003C39C6
                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003C39F4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window_wcslen
                                                          • String ID: SysListView32
                                                          • API String ID: 2147712094-78025650
                                                          • Opcode ID: e8703e918ef61a2947f6e6e0d53aa54279994193260cb9f6789ea85e8b2e0471
                                                          • Instruction ID: db07ba5dd6e9be34636e0de25a13e994670e54c9d709724978957ada5982eedb
                                                          • Opcode Fuzzy Hash: e8703e918ef61a2947f6e6e0d53aa54279994193260cb9f6789ea85e8b2e0471
                                                          • Instruction Fuzzy Hash: 3541D431A00318ABEF229F64CC45FEA7BA9FF08350F11452AF958E7291D7719E94CB90
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0039BCFD
                                                          • IsMenu.USER32(00000000), ref: 0039BD1D
                                                          • CreatePopupMenu.USER32 ref: 0039BD53
                                                          • GetMenuItemCount.USER32(00DA58A8), ref: 0039BDA4
                                                          • InsertMenuItemW.USER32(00DA58A8,?,00000001,00000030), ref: 0039BDCC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                          • String ID: 0$2
                                                          • API String ID: 93392585-3793063076
                                                          • Opcode ID: 7ed4526e5f47551ec796f20d2ceecf1375ac33fc614b41b3a2f3b2b679f33879
                                                          • Instruction ID: 610b3cfaaec524c7bb936f072b9074982a1ed9f9a090bddb223bdfa593717d53
                                                          • Opcode Fuzzy Hash: 7ed4526e5f47551ec796f20d2ceecf1375ac33fc614b41b3a2f3b2b679f33879
                                                          • Instruction Fuzzy Hash: 9D51C070A00209DBDF12DFA9EA88BAEFBF8FF45314F144159E445EB2A0D770A945CB61
                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 00352D4B
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00352D53
                                                          • _ValidateLocalCookies.LIBCMT ref: 00352DE1
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00352E0C
                                                          • _ValidateLocalCookies.LIBCMT ref: 00352E61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: &H5$csm
                                                          • API String ID: 1170836740-3207714950
                                                          • Opcode ID: 8b4475d9261b5722502fc78fac7b62f483cf61a9aa47167a273b0f1b3b17a854
                                                          • Instruction ID: 7303c40605d5e6402411e5a1fc2584b8fd825eed0015074bfee6c7471b105db0
                                                          • Opcode Fuzzy Hash: 8b4475d9261b5722502fc78fac7b62f483cf61a9aa47167a273b0f1b3b17a854
                                                          • Instruction Fuzzy Hash: 3F419434A00209DBCF16DF68C845E9FBBF5BF46366F158155EC24AB362D731AA09CB90
                                                          APIs
                                                          • LoadIconW.USER32(00000000,00007F03), ref: 0039C913
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: IconLoad
                                                          • String ID: blank$info$question$stop$warning
                                                          • API String ID: 2457776203-404129466
                                                          • Opcode ID: b9faec9c173ab57c1955b909a7c29104882f85e2a8b33c7e3224c5a068fa0319
                                                          • Instruction ID: dd97bf855fd3eb458460b9adbc45feab16707e2b8921f62b1916931b31f15dd6
                                                          • Opcode Fuzzy Hash: b9faec9c173ab57c1955b909a7c29104882f85e2a8b33c7e3224c5a068fa0319
                                                          • Instruction Fuzzy Hash: D6110D3169D30ABAEF076B549C83CEB779CDF15359B21102AF904A6192D7706D445364
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                          • String ID: 0.0.0.0
                                                          • API String ID: 642191829-3771769585
                                                          • Opcode ID: 0a792427d6449081519c7a3591d985c5fce257b2137503ca26eae71c15e14333
                                                          • Instruction ID: 22a8c3206d2bef710e4b75912ed85fc63098780571168b88dda3a430f7fd8cbe
                                                          • Opcode Fuzzy Hash: 0a792427d6449081519c7a3591d985c5fce257b2137503ca26eae71c15e14333
                                                          • Instruction Fuzzy Hash: 2311E172904209AFCF27AB649C4BEEF77ACDB11751F010169F549EA0A1EF719A818B60
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$LocalTime
                                                          • String ID:
                                                          • API String ID: 952045576-0
                                                          • Opcode ID: 4b617a2600b6f1758d0505ee2f38c7528731c3987b62f97d81b1c69dfeacc731
                                                          • Instruction ID: 354658e010cf9b9ddf364570575040eca64697fd6ba7675e3a6347afc7f3108a
                                                          • Opcode Fuzzy Hash: 4b617a2600b6f1758d0505ee2f38c7528731c3987b62f97d81b1c69dfeacc731
                                                          • Instruction Fuzzy Hash: E5418065C1021875CB12EBB4888BDDFB7B8AF45711F508866E918E7132FB34E259C3E5
                                                          APIs
                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0038682C,00000004,00000000,00000000), ref: 0034F953
                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0038682C,00000004,00000000,00000000), ref: 0038F3D1
                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0038682C,00000004,00000000,00000000), ref: 0038F454
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ShowWindow
                                                          • String ID:
                                                          • API String ID: 1268545403-0
                                                          • Opcode ID: 48b2b04d575b2fccf4cd6748d51597ebe0122daf4a2d7f723da7ba817db42526
                                                          • Instruction ID: fe02a9a0c272762e68d89e9b64c303a04cba782f9e97d67dde06c86838a58c48
                                                          • Opcode Fuzzy Hash: 48b2b04d575b2fccf4cd6748d51597ebe0122daf4a2d7f723da7ba817db42526
                                                          • Instruction Fuzzy Hash: FC41D931618740BED7379F298988B2A7BD5AB56314F1D443DE0479F970C771B980C711
                                                          APIs
                                                          • DeleteObject.GDI32(00000000), ref: 003C2D1B
                                                          • GetDC.USER32(00000000), ref: 003C2D23
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003C2D2E
                                                          • ReleaseDC.USER32(00000000,00000000), ref: 003C2D3A
                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 003C2D76
                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003C2D87
                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003C5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 003C2DC2
                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003C2DE1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                          • String ID:
                                                          • API String ID: 3864802216-0
                                                          • Opcode ID: c6395a60523ca25258029fc719969b66b5d7128e5ad041c7cd0f10ff3878dbfd
                                                          • Instruction ID: 076895cf6918434b9e03ea59e2a23f55b5c060add4db5a2b1b10225b210eeab1
                                                          • Opcode Fuzzy Hash: c6395a60523ca25258029fc719969b66b5d7128e5ad041c7cd0f10ff3878dbfd
                                                          • Instruction Fuzzy Hash: BA319C72211214BFEB128F50CC8AFEB3BADEF19711F084055FE09DA291C675AC51CBA0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _memcmp
                                                          • String ID:
                                                          • API String ID: 2931989736-0
                                                          • Opcode ID: 67b466794834f65e3f414b44121b391586d1d8d2487cf351a28d8e7438f5d26a
                                                          • Instruction ID: 725f5b10d6513255fce0f7b741ef83a92355ca1906c1a7e14e25c278beccfd2e
                                                          • Opcode Fuzzy Hash: 67b466794834f65e3f414b44121b391586d1d8d2487cf351a28d8e7438f5d26a
                                                          • Instruction Fuzzy Hash: 8721DB66741A097BDA175E209D92FFB335DAF20385F444034FD04DEA81F720EE5483A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                          • API String ID: 0-572801152
                                                          • Opcode ID: e484d9a536c0a1b4cfcc9427c626ea2e5e28a8ba71f7c786d68fd27d1a9db6ea
                                                          • Instruction ID: 0cefa0c9726128e1cc8c5ef9cd7c7dbbc8abd8f0656588efd3c1a81a48dc3d79
                                                          • Opcode Fuzzy Hash: e484d9a536c0a1b4cfcc9427c626ea2e5e28a8ba71f7c786d68fd27d1a9db6ea
                                                          • Instruction Fuzzy Hash: A5D1D075A0060A9FDF12DFA8C880FEEB7B5BF48348F158069EA15AB680D770DD41CB90
                                                          APIs
                                                          • GetCPInfo.KERNEL32(?,?), ref: 003715CE
                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00371651
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003716E4
                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003716FB
                                                            • Part of subcall function 00363820: RtlAllocateHeap.NTDLL(00000000,?,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6,?,00331129), ref: 00363852
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00371777
                                                          • __freea.LIBCMT ref: 003717A2
                                                          • __freea.LIBCMT ref: 003717AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                          • String ID:
                                                          • API String ID: 2829977744-0
                                                          • Opcode ID: 00b2636993de815f8edfcb20ee78838f84da1d89983d35e12a869fbe2a3607f1
                                                          • Instruction ID: 4d5683c9a4314e790555b88daafe4319bccec91cf055dd8ceddf00bda716c8ba
                                                          • Opcode Fuzzy Hash: 00b2636993de815f8edfcb20ee78838f84da1d89983d35e12a869fbe2a3607f1
                                                          • Instruction Fuzzy Hash: 2A91D573E102469ADB3A8E6CC881EEE7BB9AF45710F198519E809E7140D739DC44CBA0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                          • API String ID: 2610073882-625585964
                                                          • Opcode ID: ad715e11b0fbfdb225408f2bf02ec56e466d7cbe764a35a0c46341c8c7eb62fe
                                                          • Instruction ID: 75a60b4187353414c85a56d600e567e855b1a72abac8051e818c3f2782f776f6
                                                          • Opcode Fuzzy Hash: ad715e11b0fbfdb225408f2bf02ec56e466d7cbe764a35a0c46341c8c7eb62fe
                                                          • Instruction Fuzzy Hash: C191C570A00219AFCF22CFA5C845FEEB7B8EF46714F108559F615AB682DB709941CFA4
                                                          APIs
                                                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 003A125C
                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 003A1284
                                                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 003A12A8
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003A12D8
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003A135F
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003A13C4
                                                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 003A1430
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                          • String ID:
                                                          • API String ID: 2550207440-0
                                                          • Opcode ID: 4eb5823ceb68e240330a77df1e37e1b8a929e389fa9fd5acd040d300c152914b
                                                          • Instruction ID: cb9bbc8e52674bb705b8ac1a48ce8e9abe9241c3b68b4d0dcf841ae786a1fbf9
                                                          • Opcode Fuzzy Hash: 4eb5823ceb68e240330a77df1e37e1b8a929e389fa9fd5acd040d300c152914b
                                                          • Instruction Fuzzy Hash: 28913475A00208AFDB07DF99C884BBEB7B9FF06321F118429E941EB291D774E941CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ObjectSelect$BeginCreatePath
                                                          • String ID:
                                                          • API String ID: 3225163088-0
                                                          • Opcode ID: 193bfafaed8713ac8f1af2c483efbb12d8cba41b7347e996c4d6ea3286bc1c78
                                                          • Instruction ID: 797007579a0e28533807adc3e9f975ca7893f8858cc9af3b6328c6f1ede3e4a7
                                                          • Opcode Fuzzy Hash: 193bfafaed8713ac8f1af2c483efbb12d8cba41b7347e996c4d6ea3286bc1c78
                                                          • Instruction Fuzzy Hash: 1B913A71D00219EFCB12CFA9CC84AEEBBB9FF49320F25459AE515BB251D374A941CB60
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 003B396B
                                                          • CharUpperBuffW.USER32(?,?), ref: 003B3A7A
                                                          • _wcslen.LIBCMT ref: 003B3A8A
                                                          • VariantClear.OLEAUT32(?), ref: 003B3C1F
                                                            • Part of subcall function 003A0CDF: VariantInit.OLEAUT32(00000000), ref: 003A0D1F
                                                            • Part of subcall function 003A0CDF: VariantCopy.OLEAUT32(?,?), ref: 003A0D28
                                                            • Part of subcall function 003A0CDF: VariantClear.OLEAUT32(?), ref: 003A0D34
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                          • API String ID: 4137639002-1221869570
                                                          • Opcode ID: 8746c0601a3a4665a068d7ae02ad4c6d84a5cdcb46ec15d11f38d37865dcd34b
                                                          • Instruction ID: 0df644045c66102540d143ff37577256178a5dce3525cc45c5e98cb80bb3884e
                                                          • Opcode Fuzzy Hash: 8746c0601a3a4665a068d7ae02ad4c6d84a5cdcb46ec15d11f38d37865dcd34b
                                                          • Instruction Fuzzy Hash: E4919B756083059FCB05DF28C4819AAB7E4FF89318F14882DF98A9B751DB30EE05CB82
                                                          APIs
                                                            • Part of subcall function 0039000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?,?,0039035E), ref: 0039002B
                                                            • Part of subcall function 0039000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?), ref: 00390046
                                                            • Part of subcall function 0039000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?), ref: 00390054
                                                            • Part of subcall function 0039000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?), ref: 00390064
                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 003B4C51
                                                          • _wcslen.LIBCMT ref: 003B4D59
                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 003B4DCF
                                                          • CoTaskMemFree.OLE32(?), ref: 003B4DDA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                          • String ID: NULL Pointer assignment
                                                          • API String ID: 614568839-2785691316
                                                          APIs
                                                          • GetMenu.USER32(?), ref: 003C2183
                                                          • GetMenuItemCount.USER32(00000000), ref: 003C21B5
                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 003C21DD
                                                          • _wcslen.LIBCMT ref: 003C2213
                                                          • GetMenuItemID.USER32(?,?), ref: 003C224D
                                                          • GetSubMenu.USER32(?,?), ref: 003C225B
                                                            • Part of subcall function 00393A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00393A57
                                                            • Part of subcall function 00393A3D: GetCurrentThreadId.KERNEL32 ref: 00393A5E
                                                            • Part of subcall function 00393A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003925B3), ref: 00393A65
                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003C22E3
                                                            • Part of subcall function 0039E97B: Sleep.KERNEL32 ref: 0039E9F3
                                                          Similarity
                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                          • String ID:
                                                          • API String ID: 4196846111-0
                                                          APIs
                                                          • IsWindow.USER32(00DA5830), ref: 003C7F37
                                                          • IsWindowEnabled.USER32(00DA5830), ref: 003C7F43
                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 003C801E
                                                          • SendMessageW.USER32(00DA5830,000000B0,?,?), ref: 003C8051
                                                          • IsDlgButtonChecked.USER32(?,?), ref: 003C8089
                                                          • GetWindowLongW.USER32(00DA5830,000000EC), ref: 003C80AB
                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 003C80C3
                                                          Similarity
                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                          • String ID:
                                                          • API String ID: 4072528602-0
                                                          APIs
                                                          • GetParent.USER32(?), ref: 0039AEF9
                                                          • GetKeyboardState.USER32(?), ref: 0039AF0E
                                                          • SetKeyboardState.USER32(?), ref: 0039AF6F
                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0039AF9D
                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0039AFBC
                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0039AFFD
                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0039B020
                                                          Similarity
                                                          • API ID: MessagePost$KeyboardState$Parent
                                                          • String ID:
                                                          • API String ID: 87235514-0
                                                          APIs
                                                          • GetParent.USER32(00000000), ref: 0039AD19
                                                          • GetKeyboardState.USER32(?), ref: 0039AD2E
                                                          • SetKeyboardState.USER32(?), ref: 0039AD8F
                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0039ADBB
                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0039ADD8
                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0039AE17
                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0039AE38
                                                          Similarity
                                                          • API ID: MessagePost$KeyboardState$Parent
                                                          • String ID:
                                                          • API String ID: 87235514-0
                                                          APIs
                                                          • GetConsoleCP.KERNEL32(00373CD6,?,?,?,?,?,?,?,?,00365BA3,?,?,00373CD6,?,?), ref: 00365470
                                                          • __fassign.LIBCMT ref: 003654EB
                                                          • __fassign.LIBCMT ref: 00365506
                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00373CD6,00000005,00000000,00000000), ref: 0036552C
                                                          • WriteFile.KERNEL32(?,00373CD6,00000000,00365BA3,00000000,?,?,?,?,?,?,?,?,?,00365BA3,?), ref: 0036554B
                                                          • WriteFile.KERNEL32(?,?,00000001,00365BA3,00000000,?,?,?,?,?,?,?,?,?,00365BA3,?), ref: 00365584
                                                          Similarity
                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                          • String ID:
                                                          • API String ID: 1324828854-0
                                                          APIs
                                                            • Part of subcall function 003B304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003B307A
                                                            • Part of subcall function 003B304E: _wcslen.LIBCMT ref: 003B309B
                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003B1112
                                                          • WSAGetLastError.WSOCK32 ref: 003B1121
                                                          • WSAGetLastError.WSOCK32 ref: 003B11C9
                                                          • closesocket.WSOCK32(00000000), ref: 003B11F9
                                                          Similarity
                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                          • String ID:
                                                          • API String ID: 2675159561-0
                                                          APIs
                                                            • Part of subcall function 0039DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0039CF22,?), ref: 0039DDFD
                                                            • Part of subcall function 0039DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0039CF22,?), ref: 0039DE16
                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0039CF45
                                                          • MoveFileW.KERNEL32(?,?), ref: 0039CF7F
                                                          • _wcslen.LIBCMT ref: 0039D005
                                                          • _wcslen.LIBCMT ref: 0039D01B
                                                          • SHFileOperationW.SHELL32(?), ref: 0039D061
                                                          Similarity
                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                          • String ID: \*.*
                                                          • API String ID: 3164238972-1173974218
                                                          APIs
                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 003C2E1C
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C2E4F
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C2E84
                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 003C2EB6
                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 003C2EE0
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C2EF1
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003C2F0B
                                                          Similarity
                                                          • API ID: LongWindow$MessageSend
                                                          • String ID:
                                                          • API String ID: 2178440468-0
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00397769
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0039778F
                                                          • SysAllocString.OLEAUT32(00000000), ref: 00397792
                                                          • SysAllocString.OLEAUT32(?), ref: 003977B0
                                                          • SysFreeString.OLEAUT32(?), ref: 003977B9
                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 003977DE
                                                          • SysAllocString.OLEAUT32(?), ref: 003977EC
                                                          Similarity
                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                          • String ID:
                                                          • API String ID: 3761583154-0
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00397842
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00397868
                                                          • SysAllocString.OLEAUT32(00000000), ref: 0039786B
                                                          • SysAllocString.OLEAUT32 ref: 0039788C
                                                          • SysFreeString.OLEAUT32 ref: 00397895
                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 003978AF
                                                          • SysAllocString.OLEAUT32(?), ref: 003978BD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                          • String ID:
                                                          • API String ID: 3761583154-0
                                                          • Opcode ID: 99414e1da697d57c86d9453697c506152a1955b9a83606276c61d61af67a232f
                                                          • Instruction ID: 7a30dbf98e9f68e905b984f348a5961cc03b3133ade18a5df7b37267447cb795
                                                          • Opcode Fuzzy Hash: 99414e1da697d57c86d9453697c506152a1955b9a83606276c61d61af67a232f
                                                          • Instruction Fuzzy Hash: 8221A131618204AFDF12AFA9DC8DDAA77ECFB08360B158125F915CB2A1D670EC41CB64
                                                          APIs
                                                          • GetStdHandle.KERNEL32(0000000C), ref: 003A04F2
                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003A052E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CreateHandlePipe
                                                          • String ID: nul
                                                          • API String ID: 1424370930-2873401336
                                                          • Opcode ID: 6c09959c0b8c78984bf53122f0720b363d1e44d1eb9541171b9120f8843b28a1
                                                          • Instruction ID: 924e94311298f20f006d8290e0ceade1920ec93d5608ee88c284543db78a5cb5
                                                          • Opcode Fuzzy Hash: 6c09959c0b8c78984bf53122f0720b363d1e44d1eb9541171b9120f8843b28a1
                                                          • Instruction Fuzzy Hash: C121AD74904305AFCF268F69DC04A9A7BB8EF47760F204A18F8A1E62E0E7709940CF20
                                                          APIs
                                                          • GetStdHandle.KERNEL32(000000F6), ref: 003A05C6
                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003A0601
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CreateHandlePipe
                                                          • String ID: nul
                                                          • API String ID: 1424370930-2873401336
                                                          • Opcode ID: 26055a12a23f8b9dcb396ba40b76c9a9d051e44a297b115a18e991a0009b607e
                                                          • Instruction ID: 2c23718b8417d156d0247d305760a9a2b9638a28369c1aef33448ac4ee5a5238
                                                          • Opcode Fuzzy Hash: 26055a12a23f8b9dcb396ba40b76c9a9d051e44a297b115a18e991a0009b607e
                                                          • Instruction Fuzzy Hash: 0E2151755003059BDF2A9F69DC04E9A77E8FF97724F200A19F9A1E72E0E7709960CB10
                                                          APIs
                                                            • Part of subcall function 0033600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0033604C
                                                            • Part of subcall function 0033600E: GetStockObject.GDI32(00000011), ref: 00336060
                                                            • Part of subcall function 0033600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0033606A
                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003C4112
                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003C411F
                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003C412A
                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003C4139
                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003C4145
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                          • String ID: Msctls_Progress32
                                                          • API String ID: 1025951953-3636473452
                                                          • Opcode ID: a2e7b312ffc019606bb6fd5fef9a524408aa79c669b6827d426a5ff594df6d8a
                                                          • Instruction ID: ef6462e361e760809eda076cc7dcc06c785776418d73c9f593e9131d5240f4fb
                                                          • Opcode Fuzzy Hash: a2e7b312ffc019606bb6fd5fef9a524408aa79c669b6827d426a5ff594df6d8a
                                                          • Instruction Fuzzy Hash: FC1190B2150219BEEF129F64CC86EE77F9DEF08798F014111FA18E6150C6729C219BA4
                                                          APIs
                                                            • Part of subcall function 0036D7A3: _free.LIBCMT ref: 0036D7CC
                                                          • _free.LIBCMT ref: 0036D82D
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • _free.LIBCMT ref: 0036D838
                                                          • _free.LIBCMT ref: 0036D843
                                                          • _free.LIBCMT ref: 0036D897
                                                          • _free.LIBCMT ref: 0036D8A2
                                                          • _free.LIBCMT ref: 0036D8AD
                                                          • _free.LIBCMT ref: 0036D8B8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                          • Instruction ID: c2a11515930ef6afda84cb06ec0ff2b28c70ed41142b46cb0cecea6bffa084aa
                                                          • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                          • Instruction Fuzzy Hash: B5115171B40B04AAD523BFB0CC47FCB7BDC6F42700F448825B299AE096DBA6B5154651
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0039DA74
                                                          • LoadStringW.USER32(00000000), ref: 0039DA7B
                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0039DA91
                                                          • LoadStringW.USER32(00000000), ref: 0039DA98
                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0039DADC
                                                          Strings
                                                          • %s (%d) : ==> %s: %s %s, xrefs: 0039DAB9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: HandleLoadModuleString$Message
                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                          • API String ID: 4072794657-3128320259
                                                          • Opcode ID: 8bb8c7effafcaf27d6e4565b1cf2f0eab070c751c806fda005aa5d79a824726e
                                                          • Instruction ID: 2b33e3ac8ee7768aa8920214ffbc85c21ea35e44ec9dedc91bb856ca44b66701
                                                          • Opcode Fuzzy Hash: 8bb8c7effafcaf27d6e4565b1cf2f0eab070c751c806fda005aa5d79a824726e
                                                          • Instruction Fuzzy Hash: 770186F69102087FEB12ABA49D89EF7336CE708301F445496F74AE2041EA74AE854F74
                                                          APIs
                                                          • InterlockedExchange.KERNEL32(00D9E118,00D9E118), ref: 003A097B
                                                          • EnterCriticalSection.KERNEL32(00D9E0F8,00000000), ref: 003A098D
                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 003A099B
                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 003A09A9
                                                          • CloseHandle.KERNEL32(?), ref: 003A09B8
                                                          • InterlockedExchange.KERNEL32(00D9E118,000001F6), ref: 003A09C8
                                                          • LeaveCriticalSection.KERNEL32(00D9E0F8), ref: 003A09CF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                          • String ID:
                                                          • API String ID: 3495660284-0
                                                          • Opcode ID: 6a7db9aaec4c1f98b14ec9bcf86b757a681260d55fb0a13174300eb4b2c360e4
                                                          • Instruction ID: 4610fb0a3245222a2599ec800cd1d3fa9c1207b3c6b5d5b04b4b2d44b9a5f2fa
                                                          • Opcode Fuzzy Hash: 6a7db9aaec4c1f98b14ec9bcf86b757a681260d55fb0a13174300eb4b2c360e4
                                                          • Instruction Fuzzy Hash: D8F01932452A02ABDB465BA4EE8CED6BA39FF02702F402525F206908A0C774A465CF90
                                                          APIs
                                                          • GetClientRect.USER32(?,?), ref: 00335D30
                                                          • GetWindowRect.USER32(?,?), ref: 00335D71
                                                          • ScreenToClient.USER32(?,?), ref: 00335D99
                                                          • GetClientRect.USER32(?,?), ref: 00335ED7
                                                          • GetWindowRect.USER32(?,?), ref: 00335EF8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Rect$Client$Window$Screen
                                                          • String ID:
                                                          • API String ID: 1296646539-0
                                                          • Opcode ID: c2eb12aa6472e5006e363832ddce1fbb8be0b6e082e3aa3d074fa5d7f5aa82cb
                                                          • Instruction ID: 70254636c03ae61ea80c2711e3445bf1afc056fe80dd5a39464663e35aa82525
                                                          • Opcode Fuzzy Hash: c2eb12aa6472e5006e363832ddce1fbb8be0b6e082e3aa3d074fa5d7f5aa82cb
                                                          • Instruction Fuzzy Hash: A7B18935A00B4ADBDB21CFA9C4807EEB7F5FF48310F14941AE8AAD7650DB34AA51DB50
                                                          APIs
                                                          • __allrem.LIBCMT ref: 003600BA
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003600D6
                                                          • __allrem.LIBCMT ref: 003600ED
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0036010B
                                                          • __allrem.LIBCMT ref: 00360122
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00360140
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                          • String ID:
                                                          • API String ID: 1992179935-0
                                                          • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                          • Instruction ID: 65b1f48eb61d0aa5cd6c7c63b1f7658b71cfacf1c74ba5b0465c3ef8e8350ceb
                                                          • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                          • Instruction Fuzzy Hash: 7B8149766007069FE7269F38CC42B6BB3E8AF41720F25863AF851DB691E770D9048B50
                                                          APIs
                                                            • Part of subcall function 003B3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,003B101C,00000000,?,?,00000000), ref: 003B3195
                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 003B1DC0
                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003B1DE1
                                                          • WSAGetLastError.WSOCK32 ref: 003B1DF2
                                                          • inet_ntoa.WSOCK32(?), ref: 003B1E8C
                                                          • htons.WSOCK32(?,?,?,?,?), ref: 003B1EDB
                                                          • _strlen.LIBCMT ref: 003B1F35
                                                            • Part of subcall function 003939E8: _strlen.LIBCMT ref: 003939F2
                                                            • Part of subcall function 00336D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0034CF58,?,?,?), ref: 00336DBA
                                                            • Part of subcall function 00336D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0034CF58,?,?,?), ref: 00336DED
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                          • String ID:
                                                          • API String ID: 1923757996-0
                                                          • Opcode ID: bbb927a8c4aa37befebe6d08d876d53859d69f4146c367d43bcda67524abb3a6
                                                          • Instruction ID: 4587478b3efcd3d6486c04aacc27b5fb759a6f9cb979c1d1539757894a463c51
                                                          • Opcode Fuzzy Hash: bbb927a8c4aa37befebe6d08d876d53859d69f4146c367d43bcda67524abb3a6
                                                          • Instruction Fuzzy Hash: 13A1CF31204300AFC326DB24C895F7AB7E5AF85318F948A4CF6565F6A2CB71ED45CB91
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003582D9,003582D9,?,?,?,0036644F,00000001,00000001,8BE85006), ref: 00366258
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0036644F,00000001,00000001,8BE85006,?,?,?), ref: 003662DE
                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003663D8
                                                          • __freea.LIBCMT ref: 003663E5
                                                            • Part of subcall function 00363820: RtlAllocateHeap.NTDLL(00000000,?,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6,?,00331129), ref: 00363852
                                                          • __freea.LIBCMT ref: 003663EE
                                                          • __freea.LIBCMT ref: 00366413
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1414292761-0
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 003BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003BB6AE,?,?), ref: 003BC9B5
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BC9F1
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA68
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003BBCCA
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003BBD25
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BBD6A
                                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003BBD99
                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003BBDF3
                                                          • RegCloseKey.ADVAPI32(?), ref: 003BBDFF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                          • String ID:
                                                          • API String ID: 1120388591-0
                                                          APIs
                                                          • VariantInit.OLEAUT32(00000035), ref: 0038F7B9
                                                          • SysAllocString.OLEAUT32(00000001), ref: 0038F860
                                                          • VariantCopy.OLEAUT32(0038FA64,00000000), ref: 0038F889
                                                          • VariantClear.OLEAUT32(0038FA64), ref: 0038F8AD
                                                          • VariantCopy.OLEAUT32(0038FA64,00000000), ref: 0038F8B1
                                                          • VariantClear.OLEAUT32(?), ref: 0038F8BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearCopy$AllocInitString
                                                          • String ID:
                                                          • API String ID: 3859894641-0
                                                          APIs
                                                            • Part of subcall function 00337620: _wcslen.LIBCMT ref: 00337625
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • GetOpenFileNameW.COMDLG32(00000058), ref: 003A94E5
                                                          • _wcslen.LIBCMT ref: 003A9506
                                                          • _wcslen.LIBCMT ref: 003A952D
                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 003A9585
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$FileName$OpenSave
                                                          • String ID: X
                                                          • API String ID: 83654149-3081909835
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • BeginPaint.USER32(?,?,?), ref: 00349241
                                                          • GetWindowRect.USER32(?,?), ref: 003492A5
                                                          • ScreenToClient.USER32(?,?), ref: 003492C2
                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 003492D3
                                                          • EndPaint.USER32(?,?,?,?,?), ref: 00349321
                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 003871EA
                                                            • Part of subcall function 00349339: BeginPath.GDI32(00000000), ref: 00349357
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                          • String ID:
                                                          • API String ID: 3050599898-0
                                                          APIs
                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 003A080C
                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 003A0847
                                                          • EnterCriticalSection.KERNEL32(?), ref: 003A0863
                                                          • LeaveCriticalSection.KERNEL32(?), ref: 003A08DC
                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 003A08F3
                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 003A0921
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3368777196-0
                                                          APIs
                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0038F3AB,00000000,?,?,00000000,?,0038682C,00000004,00000000,00000000), ref: 003C824C
                                                          • EnableWindow.USER32(?,00000000), ref: 003C8272
                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 003C82D1
                                                          • ShowWindow.USER32(?,00000004), ref: 003C82E5
                                                          • EnableWindow.USER32(?,00000001), ref: 003C830B
                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 003C832F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Show$Enable$MessageSend
                                                          • String ID:
                                                          • API String ID: 642888154-0
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00394C95
                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00394CB2
                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00394CEA
                                                          • _wcslen.LIBCMT ref: 00394D08
                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00394D10
                                                          • _wcsstr.LIBVCRUNTIME ref: 00394D1A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                          • String ID:
                                                          • API String ID: 72514467-0
                                                          APIs
                                                            • Part of subcall function 00333AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00333A97,?,?,00332E7F,?,?,?,00000000), ref: 00333AC2
                                                          • _wcslen.LIBCMT ref: 003A587B
                                                          • CoInitialize.OLE32(00000000), ref: 003A5995
                                                          • CoCreateInstance.OLE32(003CFCF8,00000000,00000001,003CFB68,?), ref: 003A59AE
                                                          • CoUninitialize.OLE32 ref: 003A59CC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                          • String ID: .lnk
                                                          • API String ID: 3172280962-24824748
                                                          APIs
                                                            • Part of subcall function 00390FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00390FCA
                                                            • Part of subcall function 00390FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00390FD6
                                                            • Part of subcall function 00390FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00390FE5
                                                            • Part of subcall function 00390FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00390FEC
                                                            • Part of subcall function 00390FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00391002
                                                          • GetLengthSid.ADVAPI32(?,00000000,00391335), ref: 003917AE
                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003917BA
                                                          • HeapAlloc.KERNEL32(00000000), ref: 003917C1
                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 003917DA
                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00391335), ref: 003917EE
                                                          • HeapFree.KERNEL32(00000000), ref: 003917F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                          • String ID:
                                                          • API String ID: 3008561057-0
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003914FF
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00391506
                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00391515
                                                          • CloseHandle.KERNEL32(00000004), ref: 00391520
                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0039154F
                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00391563
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                          • String ID:
                                                          • API String ID: 1413079979-0
                                                          • Opcode ID: 35feb44f80e7b52634de46ea23375a39a5290d811f14582e2264ac2bb4a3fe3f
                                                          • Instruction ID: dc2282a5aad6c3d26b2b6630ee3ab2207c12f474cb2805b03877d4f0cf9e2bbe
                                                          • Opcode Fuzzy Hash: 35feb44f80e7b52634de46ea23375a39a5290d811f14582e2264ac2bb4a3fe3f
                                                          • Instruction Fuzzy Hash: A111147250024AABDF128FA8ED49FDA7BADFB49744F064025FA09A2060C375DE61DB60
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00353379,00352FE5), ref: 00353390
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0035339E
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003533B7
                                                          • SetLastError.KERNEL32(00000000,?,00353379,00352FE5), ref: 00353409
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          • Opcode ID: 8fc183a376a6a41c44298a7e984342a8ff819d16d354a4a263d84cb6f917c1c8
                                                          • Instruction ID: 58bc309685bb793319ab707287d7bba639b618725c3d9d159c6f7d406e056b3c
                                                          • Opcode Fuzzy Hash: 8fc183a376a6a41c44298a7e984342a8ff819d16d354a4a263d84cb6f917c1c8
                                                          • Instruction Fuzzy Hash: E2012436619316BEE62727757DC5DA72A98EB053FBB21022DFC10891F0EF218D0E9648
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00365686,00373CD6,?,00000000,?,00365B6A,?,?,?,?,?,0035E6D1,?,003F8A48), ref: 00362D78
                                                          • _free.LIBCMT ref: 00362DAB
                                                          • _free.LIBCMT ref: 00362DD3
                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,0035E6D1,?,003F8A48,00000010,00334F4A,?,?,00000000,00373CD6), ref: 00362DE0
                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,0035E6D1,?,003F8A48,00000010,00334F4A,?,?,00000000,00373CD6), ref: 00362DEC
                                                          • _abort.LIBCMT ref: 00362DF2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$_free$_abort
                                                          • String ID:
                                                          • API String ID: 3160817290-0
                                                          • Opcode ID: cd8bda2f84f5eabd53fc2e8b3e32cb1f71c784001596ac7cdb340a76cfa472d4
                                                          • Instruction ID: d4b2789fe566684b7fb478adc3dbb381a3d299b34546a53839dc7897a8ef3223
                                                          • Opcode Fuzzy Hash: cd8bda2f84f5eabd53fc2e8b3e32cb1f71c784001596ac7cdb340a76cfa472d4
                                                          • Instruction Fuzzy Hash: 9CF0C835A44E0167C2132738BD1AE6F255DAFC37A1F27C418F838DA1DEEF3498114260
                                                          APIs
                                                            • Part of subcall function 00349639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00349693
                                                            • Part of subcall function 00349639: SelectObject.GDI32(?,00000000), ref: 003496A2
                                                            • Part of subcall function 00349639: BeginPath.GDI32(?), ref: 003496B9
                                                            • Part of subcall function 00349639: SelectObject.GDI32(?,00000000), ref: 003496E2
                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 003C8A4E
                                                          • LineTo.GDI32(?,00000003,00000000), ref: 003C8A62
                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 003C8A70
                                                          • LineTo.GDI32(?,00000000,00000003), ref: 003C8A80
                                                          • EndPath.GDI32(?), ref: 003C8A90
                                                          • StrokePath.GDI32(?), ref: 003C8AA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                          • String ID:
                                                          • API String ID: 43455801-0
                                                          • Opcode ID: 2a720f713fc64bc7fa54cbafd882cfda3dcc587829b0eedaa337a2aaf5344e61
                                                          • Instruction ID: a85a6b7708529a49cf51765b60a530242981fe495e23f79403b0cbeeabdfafc8
                                                          • Opcode Fuzzy Hash: 2a720f713fc64bc7fa54cbafd882cfda3dcc587829b0eedaa337a2aaf5344e61
                                                          • Instruction Fuzzy Hash: 3E110976400118FFDB129F90DC88FEA7F6CEB08350F048026FA599A1A1C771AE55DFA0
                                                          APIs
                                                          • GetDC.USER32(00000000), ref: 00395218
                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00395229
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00395230
                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00395238
                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0039524F
                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00395261
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CapsDevice$Release
                                                          • String ID:
                                                          • API String ID: 1035833867-0
                                                          • Opcode ID: d806107469f5aec186abb75e1256f14c3a2f2d278d135f14969df1e244741ba0
                                                          • Instruction ID: 7cea885f61d66a39d5c59e428a735347cd046af2417992d790f2ab0254710616
                                                          • Opcode Fuzzy Hash: d806107469f5aec186abb75e1256f14c3a2f2d278d135f14969df1e244741ba0
                                                          • Instruction Fuzzy Hash: B2014475A01714BBEF116BA59D49E5EBF78FB44751F084465FA08EB281D6709810CB60
                                                          APIs
                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00331BF4
                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00331BFC
                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00331C07
                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00331C12
                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00331C1A
                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00331C22
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Virtual
                                                          • String ID:
                                                          • API String ID: 4278518827-0
                                                          • Opcode ID: 1dbf9536b93b398a80692d7e75a7a6eecf7ece35a36c7c4af1574c6ef35f3cc6
                                                          • Instruction ID: ee8bdd0a28db86e969ce8904682e86a5bc5c0dc111bfc0b855cc15b71d0c14ff
                                                          • Opcode Fuzzy Hash: 1dbf9536b93b398a80692d7e75a7a6eecf7ece35a36c7c4af1574c6ef35f3cc6
                                                          • Instruction Fuzzy Hash: F1016CB09027597DE3008F5A8C85B52FFA8FF19354F04411BD15C47A41C7F5A864CBE5
                                                          APIs
                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0039EB30
                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0039EB46
                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0039EB55
                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0039EB64
                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0039EB6E
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0039EB75
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                          • String ID:
                                                          • API String ID: 839392675-0
                                                          • Opcode ID: fa25b775629497eb7d4134999facb2fb21b837184c1e7ac2448730284f4eaf0d
                                                          • Instruction ID: f1f1b056a8e0babc836813d6356f38e12b87ef5635e010ae369e9deb46df2eda
                                                          • Opcode Fuzzy Hash: fa25b775629497eb7d4134999facb2fb21b837184c1e7ac2448730284f4eaf0d
                                                          • Instruction Fuzzy Hash: 45F0BE72610158BBE7225B639C0EEEF7E7CEFCAB15F041158F605D1090D7A02A01C7B4
                                                          APIs
                                                          • GetClientRect.USER32(?), ref: 00387452
                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00387469
                                                          • GetWindowDC.USER32(?), ref: 00387475
                                                          • GetPixel.GDI32(00000000,?,?), ref: 00387484
                                                          • ReleaseDC.USER32(?,00000000), ref: 00387496
                                                          • GetSysColor.USER32(00000005), ref: 003874B0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                          • String ID:
                                                          • API String ID: 272304278-0
                                                          • Opcode ID: 799e3b8fc598453bc473c9f9c9a9a83cac68006597b47f545a5cc33f3bb8d383
                                                          • Instruction ID: 7dea8eba5a749d9861e6462db8ca9d42b8288cd6998699b0e358afc542bc190a
                                                          • Opcode Fuzzy Hash: 799e3b8fc598453bc473c9f9c9a9a83cac68006597b47f545a5cc33f3bb8d383
                                                          • Instruction Fuzzy Hash: B6018F31410205EFDB129FA5DD08FEA7BBAFB04311F251060F919E30A1CB312D51EB10
                                                          APIs
                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0039187F
                                                          • UnloadUserProfile.USERENV(?,?), ref: 0039188B
                                                          • CloseHandle.KERNEL32(?), ref: 00391894
                                                          • CloseHandle.KERNEL32(?), ref: 0039189C
                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 003918A5
                                                          • HeapFree.KERNEL32(00000000), ref: 003918AC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                          • String ID:
                                                          • API String ID: 146765662-0
                                                          • Opcode ID: 0922549d908556d086e41ceee048fe877e8cce9c1cdda9796075a0cbd9730f2a
                                                          • Instruction ID: 17fb4ca6e805e2ac1d0cd051674226edfa2a07651f3670239db25e32117c85bf
                                                          • Opcode Fuzzy Hash: 0922549d908556d086e41ceee048fe877e8cce9c1cdda9796075a0cbd9730f2a
                                                          • Instruction Fuzzy Hash: D5E0C236414501BBDB025BA2ED0CD0ABB2DFB49B22B109220F229C1470CB32A420DB50
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 0033BEB3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID: D%@$D%@$D%@$D%@D%@
                                                          • API String ID: 1385522511-1921936383
                                                          • Opcode ID: c7dc66ac17504900feead5880d997ebd216b111b2e652e32b198f9a5f7f8413f
                                                          • Instruction ID: bb118b0d89e2df1c9824a903c518a52dd3e23ea8869386db254085b30d89e7b3
                                                          • Opcode Fuzzy Hash: c7dc66ac17504900feead5880d997ebd216b111b2e652e32b198f9a5f7f8413f
                                                          • Instruction Fuzzy Hash: 11915975A0020ADFCB29CF58C4D06AAF7F5FF58314F25816ADA45AB350D771AA81CB90
                                                          APIs
                                                            • Part of subcall function 00350242: EnterCriticalSection.KERNEL32(0040070C,00401884,?,?,0034198B,00402518,?,?,?,003312F9,00000000), ref: 0035024D
                                                            • Part of subcall function 00350242: LeaveCriticalSection.KERNEL32(0040070C,?,0034198B,00402518,?,?,?,003312F9,00000000), ref: 0035028A
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 003500A3: __onexit.LIBCMT ref: 003500A9
                                                          • __Init_thread_footer.LIBCMT ref: 003B7BFB
                                                            • Part of subcall function 003501F8: EnterCriticalSection.KERNEL32(0040070C,?,?,00348747,00402514), ref: 00350202
                                                            • Part of subcall function 003501F8: LeaveCriticalSection.KERNEL32(0040070C,?,00348747,00402514), ref: 00350235
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                          • String ID: +T8$5$G$Variable must be of type 'Object'.
                                                          • API String ID: 535116098-1932661733
                                                          • Opcode ID: f46797366da1d49476f1ad5721292d59f67586234648b4a7097311362eca141a
                                                          • Instruction ID: 8e37fc7e0bd031957180e0d6a515cccca447c56945e448e6fbb56f30c2e63b85
                                                          • Opcode Fuzzy Hash: f46797366da1d49476f1ad5721292d59f67586234648b4a7097311362eca141a
                                                          • Instruction Fuzzy Hash: FE919B74A04208AFCB16EF54C891DEDBBB5EF85348F10805DF906AF692DB71AE41CB50
                                                          APIs
                                                            • Part of subcall function 00337620: _wcslen.LIBCMT ref: 00337625
                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0039C6EE
                                                          • _wcslen.LIBCMT ref: 0039C735
                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0039C79C
                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0039C7CA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                          • String ID: 0
                                                          • API String ID: 1227352736-4108050209
                                                          APIs
                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 003BAEA3
                                                            • Part of subcall function 00337620: _wcslen.LIBCMT ref: 00337625
                                                          • GetProcessId.KERNEL32(00000000), ref: 003BAF38
                                                          • CloseHandle.KERNEL32(00000000), ref: 003BAF67
                                                          Similarity
                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                          • String ID: <$@
                                                          • API String ID: 146682121-1426351568
                                                          APIs
                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00397206
                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0039723C
                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0039724D
                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003972CF
                                                          Similarity
                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                          • String ID: DllGetClassObject
                                                          • API String ID: 753597075-1075368562
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003C3E35
                                                          • IsMenu.USER32(?), ref: 003C3E4A
                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003C3E92
                                                          • DrawMenuBar.USER32 ref: 003C3EA5
                                                          Similarity
                                                          • API ID: Menu$Item$DrawInfoInsert
                                                          • String ID: 0
                                                          • API String ID: 3076010158-4108050209
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00391E66
                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00391E79
                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00391EA9
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          Similarity
                                                          • API ID: MessageSend$_wcslen$ClassName
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 2081771294-1403004172
                                                          APIs
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                          • API String ID: 176396367-4004644295
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003C2F8D
                                                          • LoadLibraryW.KERNEL32(?), ref: 003C2F94
                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003C2FA9
                                                          • DestroyWindow.USER32(?), ref: 003C2FB1
                                                          Similarity
                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                          • String ID: SysAnimate32
                                                          • API String ID: 3529120543-1011021900
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00354D1E,003628E9,?,00354CBE,003628E9,003F88B8,0000000C,00354E15,003628E9,00000002), ref: 00354D8D
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00354DA0
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00354D1E,003628E9,?,00354CBE,003628E9,003F88B8,0000000C,00354E15,003628E9,00000002,00000000), ref: 00354DC3
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          APIs
                                                          • LoadLibraryA.KERNEL32 ref: 0038D3AD
                                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0038D3BF
                                                          • FreeLibrary.KERNEL32(00000000), ref: 0038D3E5
                                                          Similarity
                                                          • API ID: Library$AddressFreeLoadProc
                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                          • API String ID: 145871493-2590602151
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00334EDD,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E9C
                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00334EAE
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00334EDD,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334EC0
                                                          Similarity
                                                          • API ID: Library$AddressFreeLoadProc
                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                          • API String ID: 145871493-3689287502
                                                          APIs
                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00373CDE,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E62
                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00334E74
                                                          • FreeLibrary.KERNEL32(00000000,?,?,00373CDE,?,00401418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00334E87
                                                          Similarity
                                                          • API ID: Library$AddressFreeLoadProc
                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                          • API String ID: 145871493-1355242751
                                                          APIs
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003A2C05
                                                          • DeleteFileW.KERNEL32(?), ref: 003A2C87
                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003A2C9D
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003A2CAE
                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003A2CC0
                                                          Similarity
                                                          • API ID: File$Delete$Copy
                                                          • String ID:
                                                          • API String ID: 3226157194-0
                                                          APIs
                                                          • GetCurrentProcessId.KERNEL32 ref: 003BA427
                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003BA435
                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 003BA468
                                                          • CloseHandle.KERNEL32(?), ref: 003BA63D
                                                          Similarity
                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                          • String ID:
                                                          • API String ID: 3488606520-0
                                                          APIs
                                                            • Part of subcall function 0039DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0039CF22,?), ref: 0039DDFD
                                                            • Part of subcall function 0039DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0039CF22,?), ref: 0039DE16
                                                            • Part of subcall function 0039E199: GetFileAttributesW.KERNEL32(?,0039CF95), ref: 0039E19A
                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0039E473
                                                          • MoveFileW.KERNEL32(?,?), ref: 0039E4AC
                                                          • _wcslen.LIBCMT ref: 0039E5EB
                                                          • _wcslen.LIBCMT ref: 0039E603
                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0039E650
                                                          Similarity
                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                          • String ID:
                                                          • API String ID: 3183298772-0
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 003BC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003BB6AE,?,?), ref: 003BC9B5
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BC9F1
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA68
                                                            • Part of subcall function 003BC998: _wcslen.LIBCMT ref: 003BCA9E
                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003BBAA5
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003BBB00
                                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003BBB63
                                                          • RegCloseKey.ADVAPI32(?,?), ref: 003BBBA6
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 003BBBB3
                                                          Similarity
                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                          • String ID:
                                                          • API String ID: 826366716-0
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 00398BCD
                                                          • VariantClear.OLEAUT32 ref: 00398C3E
                                                          • VariantClear.OLEAUT32 ref: 00398C9D
                                                          • VariantClear.OLEAUT32(?), ref: 00398D10
                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00398D3B
                                                          Similarity
                                                          • API ID: Variant$Clear$ChangeInitType
                                                          • String ID:
                                                          • API String ID: 4136290138-0
                                                          APIs
                                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 003A8BAE
                                                          • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 003A8BDA
                                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 003A8C32
                                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003A8C57
                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003A8C5F
                                                          Similarity
                                                          • API ID: PrivateProfile$SectionWrite$String
                                                          • String ID:
                                                          • API String ID: 2832842796-0
                                                          APIs
                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 003B8F40
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 003B8FD0
                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 003B8FEC
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 003B9032
                                                          • FreeLibrary.KERNEL32(00000000), ref: 003B9052
                                                            • Part of subcall function 0034F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,003A1043,?,753CE610), ref: 0034F6E6
                                                            • Part of subcall function 0034F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0038FA64,00000000,00000000,?,?,003A1043,?,753CE610,?,0038FA64), ref: 0034F70D
                                                          Similarity
                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                          • String ID:
                                                          • API String ID: 666041331-0
                                                          APIs
                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 003C6C33
                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 003C6C4A
                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 003C6C73
                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,003AAB79,00000000,00000000), ref: 003C6C98
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 003C6CC7
                                                          Similarity
                                                          • API ID: Window$Long$MessageSendShow
                                                          • String ID:
                                                          • API String ID: 3688381893-0
                                                          APIs
                                                          Similarity
                                                          • API ID: _free
                                                          • String ID:
                                                          • API String ID: 269201875-0
                                                          APIs
                                                          • GetCursorPos.USER32(?), ref: 00349141
                                                          • ScreenToClient.USER32(00000000,?), ref: 0034915E
                                                          • GetAsyncKeyState.USER32(00000001), ref: 00349183
                                                          • GetAsyncKeyState.USER32(00000002), ref: 0034919D
                                                          Similarity
                                                          • API ID: AsyncState$ClientCursorScreen
                                                          • String ID:
                                                          • API String ID: 4210589936-0
                                                          APIs
                                                          • GetInputState.USER32 ref: 003A38CB
                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 003A3922
                                                          • TranslateMessage.USER32(?), ref: 003A394B
                                                          • DispatchMessageW.USER32(?), ref: 003A3955
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 003A3966
                                                          Similarity
                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                          • String ID:
                                                          • API String ID: 2256411358-0
                                                          APIs
                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,003AC21E,00000000), ref: 003ACF38
                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 003ACF6F
                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,003AC21E,00000000), ref: 003ACFB4
                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,003AC21E,00000000), ref: 003ACFC8
                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,003AC21E,00000000), ref: 003ACFF2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 00391915
                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 003919C1
                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 003919C9
                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 003919DA
                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 003919E2
                                                          Similarity
                                                          • API ID: MessagePostSleep$RectWindow
                                                          APIs
                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 003C5745
                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 003C579D
                                                          • _wcslen.LIBCMT ref: 003C57AF
                                                          • _wcslen.LIBCMT ref: 003C57BA
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 003C5816
                                                          Similarity
                                                          • API ID: MessageSend$_wcslen
                                                          APIs
                                                          • IsWindow.USER32(00000000), ref: 003B0951
                                                          • GetForegroundWindow.USER32 ref: 003B0968
                                                          • GetDC.USER32(00000000), ref: 003B09A4
                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 003B09B0
                                                          • ReleaseDC.USER32(00000000,00000003), ref: 003B09E8
                                                          Similarity
                                                          • API ID: Window$ForegroundPixelRelease
                                                          APIs
                                                          • GetEnvironmentStringsW.KERNEL32 ref: 0036CDC6
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0036CDE9
                                                            • Part of subcall function 00363820: RtlAllocateHeap.NTDLL(00000000,?,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6,?,00331129), ref: 00363852
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0036CE0F
                                                          • _free.LIBCMT ref: 0036CE22
                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0036CE31
                                                          Similarity
                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                          APIs
                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00349693
                                                          • SelectObject.GDI32(?,00000000), ref: 003496A2
                                                          • BeginPath.GDI32(?), ref: 003496B9
                                                          • SelectObject.GDI32(?,00000000), ref: 003496E2
                                                          Similarity
                                                          • API ID: ObjectSelect$BeginCreatePath
                                                          APIs
                                                          Similarity
                                                          • API ID: _memcmp
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,?,0035F2DE,00363863,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6), ref: 00362DFD
                                                          • _free.LIBCMT ref: 00362E32
                                                          • _free.LIBCMT ref: 00362E59
                                                          • SetLastError.KERNEL32(00000000,00331129), ref: 00362E66
                                                          • SetLastError.KERNEL32(00000000,00331129), ref: 00362E6F
                                                          Similarity
                                                          • API ID: ErrorLast$_free
                                                          APIs
                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?,?,0039035E), ref: 0039002B
                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?), ref: 00390046
                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?), ref: 00390054
                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?), ref: 00390064
                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0038FF41,80070057,?,?), ref: 00390070
                                                          Similarity
                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                          APIs
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0039E997
                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 0039E9A5
                                                          • Sleep.KERNEL32(00000000), ref: 0039E9AD
                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0039E9B7
                                                          • Sleep.KERNEL32 ref: 0039E9F3
                                                          Similarity
                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                          APIs
                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00391114
                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391120
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 0039112F
                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00390B9B,?,?,?), ref: 00391136
                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0039114D
                                                          Similarity
                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00390FCA
                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00390FD6
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00390FE5
                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00390FEC
                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00391002
                                                          Similarity
                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                          • String ID:
                                                          • API String ID: 44706859-0
                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0039102A
                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00391036
                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00391045
                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0039104C
                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00391062
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                          • String ID:
                                                          • API String ID: 44706859-0
                                                          APIs
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A0324
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A0331
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A033E
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A034B
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A0358
                                                          • CloseHandle.KERNEL32(?,?,?,?,003A017D,?,003A32FC,?,00000001,00372592,?), ref: 003A0365
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID:
                                                          • API String ID: 2962429428-0
                                                          APIs
                                                          • _free.LIBCMT ref: 0036D752
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • _free.LIBCMT ref: 0036D764
                                                          • _free.LIBCMT ref: 0036D776
                                                          • _free.LIBCMT ref: 0036D788
                                                          • _free.LIBCMT ref: 0036D79A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003E9), ref: 00395C58
                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00395C6F
                                                          • MessageBeep.USER32(00000000), ref: 00395C87
                                                          • KillTimer.USER32(?,0000040A), ref: 00395CA3
                                                          • EndDialog.USER32(?,00000001), ref: 00395CBD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                          • String ID:
                                                          • API String ID: 3741023627-0
                                                          APIs
                                                          • _free.LIBCMT ref: 003622BE
                                                            • Part of subcall function 003629C8: HeapFree.KERNEL32(00000000,00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000), ref: 003629DE
                                                            • Part of subcall function 003629C8: GetLastError.KERNEL32(00000000,?,0036D7D1,00000000,00000000,00000000,00000000,?,0036D7F8,00000000,00000007,00000000,?,0036DBF5,00000000,00000000), ref: 003629F0
                                                          • _free.LIBCMT ref: 003622D0
                                                          • _free.LIBCMT ref: 003622E3
                                                          • _free.LIBCMT ref: 003622F4
                                                          • _free.LIBCMT ref: 00362305
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          APIs
                                                          • EndPath.GDI32(?), ref: 003495D4
                                                          • StrokeAndFillPath.GDI32(?,?,003871F7,00000000,?,?,?), ref: 003495F0
                                                          • SelectObject.GDI32(?,00000000), ref: 00349603
                                                          • DeleteObject.GDI32 ref: 00349616
                                                          • StrokePath.GDI32(?), ref: 00349631
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                          • String ID:
                                                          • API String ID: 2625713937-0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: __freea$_free
                                                          • String ID: a/p$am/pm
                                                          • API String ID: 3432400110-3206640213
                                                          APIs
                                                            • Part of subcall function 00350242: EnterCriticalSection.KERNEL32(0040070C,00401884,?,?,0034198B,00402518,?,?,?,003312F9,00000000), ref: 0035024D
                                                            • Part of subcall function 00350242: LeaveCriticalSection.KERNEL32(0040070C,?,0034198B,00402518,?,?,?,003312F9,00000000), ref: 0035028A
                                                            • Part of subcall function 003500A3: __onexit.LIBCMT ref: 003500A9
                                                          • __Init_thread_footer.LIBCMT ref: 003B6238
                                                            • Part of subcall function 003501F8: EnterCriticalSection.KERNEL32(0040070C,?,?,00348747,00402514), ref: 00350202
                                                            • Part of subcall function 003501F8: LeaveCriticalSection.KERNEL32(0040070C,?,00348747,00402514), ref: 00350235
                                                            • Part of subcall function 003A359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 003A35E4
                                                            • Part of subcall function 003A359C: LoadStringW.USER32(00402390,?,00000FFF,?), ref: 003A360A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                          • String ID: x#@$x#@$x#@
                                                          • API String ID: 1072379062-2468959183
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: JO3
                                                          • API String ID: 0-1249764312
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00368B6E
                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00368B7A
                                                          • __dosmaperr.LIBCMT ref: 00368B81
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                          • String ID: .5
                                                          • API String ID: 2434981716-4279605997
                                                          APIs
                                                            • Part of subcall function 0039B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003921D0,?,?,00000034,00000800,?,00000034), ref: 0039B42D
                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00392760
                                                            • Part of subcall function 0039B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,003921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0039B3F8
                                                            • Part of subcall function 0039B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0039B355
                                                            • Part of subcall function 0039B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00392194,00000034,?,?,00001004,00000000,00000000), ref: 0039B365
                                                            • Part of subcall function 0039B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00392194,00000034,?,?,00001004,00000000,00000000), ref: 0039B37B
                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 003927CD
                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0039281A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                          • String ID: @
                                                          • API String ID: 4150878124-2766056989
                                                          APIs
                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00361769
                                                          • _free.LIBCMT ref: 00361834
                                                          • _free.LIBCMT ref: 0036183E
                                                          Strings
                                                          Similarity
                                                          • API ID: _free$FileModuleName
                                                          • String ID: C:\Users\user\Desktop\file.exe
                                                          • API String ID: 2506810119-1957095476
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0039C306
                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 0039C34C
                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00401990,00DA58A8), ref: 0039C395
                                                          Strings
                                                          Similarity
                                                          • API ID: Menu$Delete$InfoItem
                                                          • String ID: 0
                                                          • API String ID: 135850232-4108050209
                                                          APIs
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,003CCC08,00000000,?,?,?,?), ref: 003C44AA
                                                          • GetWindowLongW.USER32 ref: 003C44C7
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003C44D7
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$Long
                                                          • String ID: SysTreeView32
                                                          • API String ID: 847901565-1698111956
                                                          APIs
                                                          • SysReAllocString.OLEAUT32(?,?), ref: 00396EED
                                                          • VariantCopyInd.OLEAUT32(?,?), ref: 00396F08
                                                          • VariantClear.OLEAUT32(?), ref: 00396F12
                                                          Strings
                                                          Similarity
                                                          • API ID: Variant$AllocClearCopyString
                                                          • String ID: *j9
                                                          • API String ID: 2173805711-176951553
                                                          APIs
                                                            • Part of subcall function 003B335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,003B3077,?,?), ref: 003B3378
                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 003B307A
                                                          • _wcslen.LIBCMT ref: 003B309B
                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 003B3106
                                                          Strings
                                                          Similarity
                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                          • String ID: 255.255.255.255
                                                          • API String ID: 946324512-2422070025
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 003C3F40
                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003C3F54
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 003C3F78
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Window
                                                          • String ID: SysMonthCal32
                                                          • API String ID: 2326795674-1439706946
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 003C4705
                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 003C4713
                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 003C471A
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$DestroyWindow
                                                          • String ID: msctls_updown32
                                                          • API String ID: 4014797782-2298589950
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                          • API String ID: 176396367-2734436370
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003C3840
                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003C3850
                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003C3876
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$MoveWindow
                                                          • String ID: Listbox
                                                          • API String ID: 3315199576-2633736733
                                                          APIs
                                                          • SetErrorMode.KERNEL32(00000001), ref: 003A4A08
                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003A4A5C
                                                          • SetErrorMode.KERNEL32(00000000,?,?,003CCC08), ref: 003A4AD0
                                                          Strings
                                                          Similarity
                                                          • API ID: ErrorMode$InformationVolume
                                                          • String ID: %lu
                                                          • API String ID: 2507767853-685833217
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003C424F
                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003C4264
                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003C4271
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: msctls_trackbar32
                                                          APIs
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                            • Part of subcall function 00392DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00392DC5
                                                            • Part of subcall function 00392DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00392DD6
                                                            • Part of subcall function 00392DA7: GetCurrentThreadId.KERNEL32 ref: 00392DDD
                                                            • Part of subcall function 00392DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00392DE4
                                                          • GetFocus.USER32 ref: 00392F78
                                                            • Part of subcall function 00392DEE: GetParent.USER32(00000000), ref: 00392DF9
                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00392FC3
                                                          • EnumChildWindows.USER32(?,0039303B), ref: 00392FEB
                                                          Strings
                                                          Similarity
                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                          • String ID: %s%d
                                                          APIs
                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003C58C1
                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 003C58EE
                                                          • DrawMenuBar.USER32(?), ref: 003C58FD
                                                          Strings
                                                          Similarity
                                                          • API ID: Menu$InfoItem$Draw
                                                          • String ID: 0
                                                          APIs
                                                          Similarity
                                                          • API ID: Variant$ClearInitInitializeUninitialize
                                                          APIs
                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,003CFC08,?), ref: 003905F0
                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,003CFC08,?), ref: 00390608
                                                          • CLSIDFromProgID.OLE32(?,?,00000000,003CCC40,000000FF,?,00000000,00000800,00000000,?,003CFC08,?), ref: 0039062D
                                                          • _memcmp.LIBVCRUNTIME ref: 0039064E
                                                          Similarity
                                                          • API ID: FromProg$FreeTask_memcmp
                                                          APIs
                                                          Similarity
                                                          • API ID: _free
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 003C62E2
                                                          • ScreenToClient.USER32(?,?), ref: 003C6315
                                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 003C6382
                                                          Similarity
                                                          • API ID: Window$ClientMoveRectScreen
                                                          APIs
                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 003B1AFD
                                                          • WSAGetLastError.WSOCK32 ref: 003B1B0B
                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003B1B8A
                                                          • WSAGetLastError.WSOCK32 ref: 003B1B94
                                                          Similarity
                                                          • API ID: ErrorLast$socket
                                                          APIs
                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003A5783
                                                          • GetLastError.KERNEL32(?,00000000), ref: 003A57A9
                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003A57CE
                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003A57FA
                                                          Similarity
                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00356D71,00000000,00000000,003582D9,?,003582D9,?,00000001,00356D71,?,00000001,003582D9,003582D9), ref: 0036D910
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0036D999
                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0036D9AB
                                                          • __freea.LIBCMT ref: 0036D9B4
                                                            • Part of subcall function 00363820: RtlAllocateHeap.NTDLL(00000000,?,00401444,?,0034FDF5,?,?,0033A976,00000010,00401440,003313FC,?,003313C6,?,00331129), ref: 00363852
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                          APIs
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 003C5352
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C5375
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 003C5382
                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003C53A8
                                                          Similarity
                                                          • API ID: LongWindow$InvalidateMessageRectSend
                                                          APIs
                                                          • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0039ABF1
                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0039AC0D
                                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 0039AC74
                                                          • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0039ACC6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: KeyboardState$InputMessagePostSend
                                                          • String ID:
                                                          • API String ID: 432972143-0
                                                          • Opcode ID: e1c6819ac7d299b80c0e73a400b88580ae774e7473eb7648a0d936d82729d169
                                                          • Instruction ID: 21afedfea06e8f520edcd6008992c66a827fa43bb577a5806e30657b10680d71
                                                          • Opcode Fuzzy Hash: e1c6819ac7d299b80c0e73a400b88580ae774e7473eb7648a0d936d82729d169
                                                          • Instruction Fuzzy Hash: B1313970A04B186FFF37CB698C04BFA7BA9AB85311F04471AE485DA1D0C37499818BD2
                                                          APIs
                                                          • ClientToScreen.USER32(?,?), ref: 003C769A
                                                          • GetWindowRect.USER32(?,?), ref: 003C7710
                                                          • PtInRect.USER32(?,?,003C8B89), ref: 003C7720
                                                          • MessageBeep.USER32(00000000), ref: 003C778C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                          • String ID:
                                                          • API String ID: 1352109105-0
                                                          • Opcode ID: 1ebf09134b8824c71b61af82156d8b4c9a27177ecb459c872a80b97b1b0bf641
                                                          • Instruction ID: 8853ca371687360ea9dc42a61dea68c52461c0ef7ca459e99e6d3437f1286628
                                                          • Opcode Fuzzy Hash: 1ebf09134b8824c71b61af82156d8b4c9a27177ecb459c872a80b97b1b0bf641
                                                          • Instruction Fuzzy Hash: A2417875A092189FCB12DF68C994FA9B7F5BB49354F1A80ACE814EB261C730ED41CF90
                                                          APIs
                                                          • GetForegroundWindow.USER32 ref: 003C16EB
                                                            • Part of subcall function 00393A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00393A57
                                                            • Part of subcall function 00393A3D: GetCurrentThreadId.KERNEL32 ref: 00393A5E
                                                            • Part of subcall function 00393A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,003925B3), ref: 00393A65
                                                          • GetCaretPos.USER32(?), ref: 003C16FF
                                                          • ClientToScreen.USER32(00000000,?), ref: 003C174C
                                                          • GetForegroundWindow.USER32 ref: 003C1752
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                          • String ID:
                                                          • API String ID: 2759813231-0
                                                          • Opcode ID: 9f848b59ad7cc6362cd0cc167655cebade54c9d136c934e9b351ffae2ac5fe88
                                                          • Instruction ID: d05d3caa42a03390d0c504ba2700c006c6276f29784361a6ee7883597e723079
                                                          • Opcode Fuzzy Hash: 9f848b59ad7cc6362cd0cc167655cebade54c9d136c934e9b351ffae2ac5fe88
                                                          • Instruction Fuzzy Hash: 06313075D00149AFCB05EFA9C8C5DAEB7FDEF49304B5080A9E415EB212D631AE45CFA0
                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0039D501
                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0039D50F
                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0039D52F
                                                          • CloseHandle.KERNEL32(00000000), ref: 0039D5DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                          • String ID:
                                                          • API String ID: 420147892-0
                                                          • Opcode ID: 2958f66433327893670e947a1f5900f4dda3f20c383c09ce3cb3dd5908d72421
                                                          • Instruction ID: c0eec102c60e0781f6519c89cc481415bd8f4bdffa4fb902937f28755496a902
                                                          • Opcode Fuzzy Hash: 2958f66433327893670e947a1f5900f4dda3f20c383c09ce3cb3dd5908d72421
                                                          • Instruction Fuzzy Hash: 133193711083009FD702EF54C882AAFBBE8EF99354F14092DF5858A1A1EB71A949CB92
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • GetCursorPos.USER32(?), ref: 003C9001
                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00387711,?,?,?,?,?), ref: 003C9016
                                                          • GetCursorPos.USER32(?), ref: 003C905E
                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00387711,?,?,?), ref: 003C9094
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                          • String ID:
                                                          • API String ID: 2864067406-0
                                                          • Opcode ID: 7d0cd54aade6ab70e29e88b7663b265cc0d3c2dc00d5de8daee5f15982484d8a
                                                          • Instruction ID: e47351993fde7330da3ce92135e4dbd8e26b6a6fc3ae653566620ce078e35e70
                                                          • Opcode Fuzzy Hash: 7d0cd54aade6ab70e29e88b7663b265cc0d3c2dc00d5de8daee5f15982484d8a
                                                          • Instruction Fuzzy Hash: 1A218336600028EFDB168F95CC58FFA7BB9EF49350F1540AAF5059B261C731AD50DB60
                                                          APIs
                                                          • GetFileAttributesW.KERNEL32(?,003CCB68), ref: 0039D2FB
                                                          • GetLastError.KERNEL32 ref: 0039D30A
                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 0039D319
                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,003CCB68), ref: 0039D376
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateDirectory$AttributesErrorFileLast
                                                          • String ID:
                                                          • API String ID: 2267087916-0
                                                          • Opcode ID: d4ffe0d13b15ea6bafa087f31f56e7d90e32d7183337bb29447e168bdc038c8d
                                                          • Instruction ID: 5c0115bedb4d847c52ad2689509a157380ad01b8d9e9e94939d167c4be403e82
                                                          • Opcode Fuzzy Hash: d4ffe0d13b15ea6bafa087f31f56e7d90e32d7183337bb29447e168bdc038c8d
                                                          • Instruction Fuzzy Hash: CB219F74508201DF8B02DF28C8C28AAB7E8AF56365F104A1DF499C72A1D731DD46CB93
                                                          APIs
                                                            • Part of subcall function 00391014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0039102A
                                                            • Part of subcall function 00391014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00391036
                                                            • Part of subcall function 00391014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00391045
                                                            • Part of subcall function 00391014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0039104C
                                                            • Part of subcall function 00391014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00391062
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003915BE
                                                          • _memcmp.LIBVCRUNTIME ref: 003915E1
                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00391617
                                                          • HeapFree.KERNEL32(00000000), ref: 0039161E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                          • String ID:
                                                          • API String ID: 1592001646-0
                                                          • Opcode ID: becb190ee9281ff5faffd19cb170258b09d38dda5cc31dcc3feaf1257041c65c
                                                          • Instruction ID: 95ddcf0473b55c4ba3f7889cc4eecd279eda924eade2f774c3161efb01ef2b4f
                                                          • Opcode Fuzzy Hash: becb190ee9281ff5faffd19cb170258b09d38dda5cc31dcc3feaf1257041c65c
                                                          • Instruction Fuzzy Hash: 02217832E4010AAFDF12DFA4C945BEEB7B8EF45344F0A4459E845BB241E730AA05CBA0
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EC), ref: 003C280A
                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003C2824
                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 003C2832
                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 003C2840
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Long$AttributesLayered
                                                          • String ID:
                                                          • API String ID: 2169480361-0
                                                          • Opcode ID: 270acc8c44633cd59a65ab346aac3ddfef7347ca3a2d1ee439f5acbb114f7b1a
                                                          • Instruction ID: 0796af52e4974af942ec8f2df06a6833478c89560e4e4d0448032d4a9a411893
                                                          • Opcode Fuzzy Hash: 270acc8c44633cd59a65ab346aac3ddfef7347ca3a2d1ee439f5acbb114f7b1a
                                                          • Instruction Fuzzy Hash: F121A135204611AFD7169B24C895FAB7B99AF46324F15815CF42ACB6E2CB71FC42CB90
                                                          APIs
                                                            • Part of subcall function 00398D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0039790A,?,000000FF,?,00398754,00000000,?,0000001C,?,?), ref: 00398D8C
                                                            • Part of subcall function 00398D7D: lstrcpyW.KERNEL32(00000000,?,?,0039790A,?,000000FF,?,00398754,00000000,?,0000001C,?,?,00000000), ref: 00398DB2
                                                            • Part of subcall function 00398D7D: lstrcmpiW.KERNEL32(00000000,?,0039790A,?,000000FF,?,00398754,00000000,?,0000001C,?,?), ref: 00398DE3
                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00398754,00000000,?,0000001C,?,?,00000000), ref: 00397923
                                                          • lstrcpyW.KERNEL32(00000000,?,?,00398754,00000000,?,0000001C,?,?,00000000), ref: 00397949
                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,00398754,00000000,?,0000001C,?,?,00000000), ref: 00397984
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: lstrcmpilstrcpylstrlen
                                                          • String ID: cdecl
                                                          • API String ID: 4031866154-3896280584
                                                          • Opcode ID: daabd61bb4d99bcbe45ada4ffbfd1f08726f18f53effd6b6bb07c3e902c42ecc
                                                          • Instruction ID: 16b698e8333b539ea5ab66d2ec50087ade0f5d4b5570780393464c2f931032da
                                                          • Opcode Fuzzy Hash: daabd61bb4d99bcbe45ada4ffbfd1f08726f18f53effd6b6bb07c3e902c42ecc
                                                          • Instruction Fuzzy Hash: 3611D67A210242AFDF165F39D845E7A77A9FF85350B50402AF946CB2A4EF319811C751
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 003C7D0B
                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 003C7D2A
                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 003C7D42
                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,003AB7AD,00000000), ref: 003C7D6B
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$Long
                                                          • String ID:
                                                          • API String ID: 847901565-0
                                                          • Opcode ID: 8b70404518c3d00a06e5258fb13c38e6cf081e847ebc56d57033b95b79cd4e0e
                                                          • Instruction ID: e8a62d088452d63de6ef32efa18bedc9b27ef7733e17016f7cfb587f13716fa2
                                                          • Opcode Fuzzy Hash: 8b70404518c3d00a06e5258fb13c38e6cf081e847ebc56d57033b95b79cd4e0e
                                                          • Instruction Fuzzy Hash: 1E114D72515615AFCB129F28DC08EA63BA9AF45360F168728FC3ADB2F0D7309D51DB50
                                                          APIs
                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 003C56BB
                                                          • _wcslen.LIBCMT ref: 003C56CD
                                                          • _wcslen.LIBCMT ref: 003C56D8
                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 003C5816
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend_wcslen
                                                          • String ID:
                                                          • API String ID: 455545452-0
                                                          APIs
                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00391A47
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00391A59
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00391A6F
                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00391A8A
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          APIs
                                                          • GetCurrentThreadId.KERNEL32 ref: 0039E1FD
                                                          • MessageBoxW.USER32(?,?,?,?), ref: 0039E230
                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0039E246
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0039E24D
                                                          Similarity
                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                          • String ID:
                                                          • API String ID: 2880819207-0
                                                          APIs
                                                          • CreateThread.KERNEL32(00000000,?,0035CFF9,00000000,00000004,00000000), ref: 0035D218
                                                          • GetLastError.KERNEL32 ref: 0035D224
                                                          • __dosmaperr.LIBCMT ref: 0035D22B
                                                          • ResumeThread.KERNEL32(00000000), ref: 0035D249
                                                          Similarity
                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                          • String ID:
                                                          • API String ID: 173952441-0
                                                          APIs
                                                            • Part of subcall function 00349BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00349BB2
                                                          • GetClientRect.USER32(?,?), ref: 003C9F31
                                                          • GetCursorPos.USER32(?), ref: 003C9F3B
                                                          • ScreenToClient.USER32(?,?), ref: 003C9F46
                                                          • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 003C9F7A
                                                          Similarity
                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                          • String ID:
                                                          • API String ID: 4127811313-0
                                                          APIs
                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0033604C
                                                          • GetStockObject.GDI32(00000011), ref: 00336060
                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 0033606A
                                                          Similarity
                                                          • API ID: CreateMessageObjectSendStockWindow
                                                          • String ID:
                                                          • API String ID: 3970641297-0
                                                          APIs
                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 00353B56
                                                            • Part of subcall function 00353AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00353AD2
                                                            • Part of subcall function 00353AA3: ___AdjustPointer.LIBCMT ref: 00353AED
                                                          • _UnwindNestedFrames.LIBCMT ref: 00353B6B
                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00353B7C
                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00353BA4
                                                          Similarity
                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                          • String ID:
                                                          • API String ID: 737400349-0
                                                          APIs
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,003313C6,00000000,00000000,?,0036301A,003313C6,00000000,00000000,00000000,?,0036328B,00000006,FlsSetValue), ref: 003630A5
                                                          • GetLastError.KERNEL32(?,0036301A,003313C6,00000000,00000000,00000000,?,0036328B,00000006,FlsSetValue,003D2290,FlsSetValue,00000000,00000364,?,00362E46), ref: 003630B1
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0036301A,003313C6,00000000,00000000,00000000,?,0036328B,00000006,FlsSetValue,003D2290,FlsSetValue,00000000), ref: 003630BF
                                                          Similarity
                                                          • API ID: LibraryLoad$ErrorLast
                                                          • String ID:
                                                          • API String ID: 3177248105-0
                                                          APIs
                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0039747F
                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00397497
                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 003974AC
                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 003974CA
                                                          Similarity
                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                          • String ID:
                                                          • API String ID: 1352324309-0
                                                          APIs
                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0039ACD3,?,00008000), ref: 0039B0C4
                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0039ACD3,?,00008000), ref: 0039B0E9
                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0039ACD3,?,00008000), ref: 0039B0F3
                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0039ACD3,?,00008000), ref: 0039B126
                                                          Similarity
                                                          • API ID: CounterPerformanceQuerySleep
                                                          • String ID:
                                                          • API String ID: 2875609808-0
                                                          APIs
                                                          • GetWindowRect.USER32(?,?), ref: 003C7E33
                                                          • ScreenToClient.USER32(?,?), ref: 003C7E4B
                                                          • ScreenToClient.USER32(?,?), ref: 003C7E6F
                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 003C7E8A
                                                          Similarity
                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                          • String ID:
                                                          • API String ID: 357397906-0
                                                          APIs
                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00392DC5
                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00392DD6
                                                          • GetCurrentThreadId.KERNEL32 ref: 00392DDD
                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00392DE4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                          • String ID:
                                                          • API String ID: 2710830443-0
                                                          APIs
                                                            • Part of subcall function 00349639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00349693
                                                            • Part of subcall function 00349639: SelectObject.GDI32(?,00000000), ref: 003496A2
                                                            • Part of subcall function 00349639: BeginPath.GDI32(?), ref: 003496B9
                                                            • Part of subcall function 00349639: SelectObject.GDI32(?,00000000), ref: 003496E2
                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 003C8887
                                                          • LineTo.GDI32(?,?,?), ref: 003C8894
                                                          • EndPath.GDI32(?), ref: 003C88A4
                                                          • StrokePath.GDI32(?), ref: 003C88B2
                                                          Similarity
                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                          • String ID:
                                                          • API String ID: 1539411459-0
                                                          APIs
                                                          • GetSysColor.USER32(00000008), ref: 003498CC
                                                          • SetTextColor.GDI32(?,?), ref: 003498D6
                                                          • SetBkMode.GDI32(?,00000001), ref: 003498E9
                                                          • GetStockObject.GDI32(00000005), ref: 003498F1
                                                          Similarity
                                                          • API ID: Color$ModeObjectStockText
                                                          • String ID:
                                                          • API String ID: 4037423528-0
                                                          APIs
                                                          • GetCurrentThread.KERNEL32 ref: 00391634
                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,003911D9), ref: 0039163B
                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003911D9), ref: 00391648
                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,003911D9), ref: 0039164F
                                                          Similarity
                                                          • API ID: CurrentOpenProcessThreadToken
                                                          • String ID:
                                                          • API String ID: 3974789173-0
                                                          APIs
                                                          • GetDesktopWindow.USER32 ref: 0038D858
                                                          • GetDC.USER32(00000000), ref: 0038D862
                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0038D882
                                                          • ReleaseDC.USER32(?), ref: 0038D8A3
                                                          Similarity
                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                          • String ID:
                                                          • API String ID: 2889604237-0
                                                          APIs
                                                          • GetDesktopWindow.USER32 ref: 0038D86C
                                                          • GetDC.USER32(00000000), ref: 0038D876
                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0038D882
                                                          • ReleaseDC.USER32(?), ref: 0038D8A3
                                                          Similarity
                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                          • String ID:
                                                          • API String ID: 2889604237-0
                                                          APIs
                                                            • Part of subcall function 00337620: _wcslen.LIBCMT ref: 00337625
                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 003A4ED4
                                                          Strings
                                                          Similarity
                                                          • API ID: Connection_wcslen
                                                          • String ID: *$LPT
                                                          • API String ID: 1725874428-3443410124
                                                          APIs
                                                          • __startOneArgErrorHandling.LIBCMT ref: 0035E30D
                                                          Strings
                                                          Similarity
                                                          • API ID: ErrorHandling__start
                                                          • String ID: pow
                                                          • API String ID: 3213639722-2276729525
                                                          APIs
                                                          • CharUpperBuffW.USER32(0038569E,00000000,?,003CCC08,?,00000000,00000000), ref: 003B78DD
                                                            • Part of subcall function 00336B57: _wcslen.LIBCMT ref: 00336B6A
                                                          • CharUpperBuffW.USER32(0038569E,00000000,?,003CCC08,00000000,?,00000000,00000000), ref: 003B783B
                                                          Strings
                                                          Similarity
                                                          • API ID: BuffCharUpper$_wcslen
                                                          • String ID: <s?
                                                          • API String ID: 3544283678-1615119086
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          APIs
                                                          • Sleep.KERNEL32(00000000), ref: 0034F2A2
                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 0034F2BB
                                                          Strings
                                                          Similarity
                                                          • API ID: GlobalMemorySleepStatus
                                                          • String ID: @
                                                          • API String ID: 2783356886-2766056989
                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 003B57E0
                                                          • _wcslen.LIBCMT ref: 003B57EC
                                                          Strings
                                                          Similarity
                                                          • API ID: BuffCharUpper_wcslen
                                                          • String ID: CALLARGARRAY
                                                          • API String ID: 157775604-1150593374
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 003AD130
                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003AD13A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: CrackInternet_wcslen
                                                          • String ID: |
                                                          • API String ID: 596671847-2343686810
                                                          • Opcode ID: d20a387d55f88d3daa71a3fb3a2b2d26dce74a59609bef02674afc0d9bf0a5f8
                                                          • Instruction ID: bc4f7290c3284479d90da3acf9d19b93762fde2ce5fff4923e66ca5027055a47
                                                          • Opcode Fuzzy Hash: d20a387d55f88d3daa71a3fb3a2b2d26dce74a59609bef02674afc0d9bf0a5f8
                                                          • Instruction Fuzzy Hash: 79311A71D00209AFCF16EFA4CD85AEEBFB9FF09300F004019F815AA162D735AA46CB90
                                                          APIs
                                                          • DestroyWindow.USER32(?,?,?,?), ref: 003C3621
                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003C365C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$DestroyMove
                                                          • String ID: static
                                                          • API String ID: 2139405536-2160076837
                                                          • Opcode ID: b4b69bba99d16d3a1fa4c09090af31fdbbe9c876345b53d4ea217e855e554c37
                                                          • Instruction ID: 5aa879ff08f4e3a94ed824963f3a46f977d6773227ac1083a05962ab0df11307
                                                          • Opcode Fuzzy Hash: b4b69bba99d16d3a1fa4c09090af31fdbbe9c876345b53d4ea217e855e554c37
                                                          • Instruction Fuzzy Hash: AC31AA71110204AEDB129F68CC81FFB73A9FF88720F01961DF8A9D7280DA35AD91CB60
                                                          APIs
                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 003C461F
                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003C4634
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: '
                                                          • API String ID: 3850602802-1997036262
                                                          • Opcode ID: b3fdd9dbdf9bd3fcc9df18c858fb1b2cae54f3371888b0c0e841733c03f015f1
                                                          • Instruction ID: dddf9b455e1026c7b5cf68a53eea927bd23222a3fff046d2d862bad0a600bf5f
                                                          • Opcode Fuzzy Hash: b3fdd9dbdf9bd3fcc9df18c858fb1b2cae54f3371888b0c0e841733c03f015f1
                                                          • Instruction Fuzzy Hash: 62311774A002099FDB15CF69C990FDABBB5FB49300F14406AE904EB351D770AD51CF90
                                                          APIs
                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003C327C
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003C3287
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID: Combobox
                                                          • API String ID: 3850602802-2096851135
                                                          • Opcode ID: fcc98305ec75322e6aa82acf8f717d4556e491fdbc85bb52afb42090d5f64089
                                                          • Instruction ID: eb1cc43a44d0f9ecd4d586f8da7da1e875717be558ce1f6e9b264a5766427801
                                                          • Opcode Fuzzy Hash: fcc98305ec75322e6aa82acf8f717d4556e491fdbc85bb52afb42090d5f64089
                                                          • Instruction Fuzzy Hash: F711B2713002087FEF269F54DC81FBB776EEB94364F118529F918DB290D671AD518760
                                                          APIs
                                                            • Part of subcall function 0033600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0033604C
                                                            • Part of subcall function 0033600E: GetStockObject.GDI32(00000011), ref: 00336060
                                                            • Part of subcall function 0033600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0033606A
                                                          • GetWindowRect.USER32(00000000,?), ref: 003C377A
                                                          • GetSysColor.USER32(00000012), ref: 003C3794
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                          • String ID: static
                                                          • API String ID: 1983116058-2160076837
                                                          • Opcode ID: d32068b7eb71e5e9682f38639bbfbd7675cca40a5df86f5e2c1ee6e8aa3ea416
                                                          • Instruction ID: fd3f893cb346b5edf44789615b399d28565b99f52191c968c39f8e5ab992ec97
                                                          • Opcode Fuzzy Hash: d32068b7eb71e5e9682f38639bbfbd7675cca40a5df86f5e2c1ee6e8aa3ea416
                                                          • Instruction Fuzzy Hash: E7113AB2610209AFDF02DFA8CC46EEA7BF8FB09314F015518F955E2250D735ED519B50
                                                          APIs
                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003ACD7D
                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003ACDA6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Internet$OpenOption
                                                          • String ID: <local>
                                                          • API String ID: 942729171-4266983199
                                                          • Opcode ID: 6ad34f51750db7a8759919cdb8d0fd5082002a6e68a503ec0687e799d7c8cf08
                                                          • Instruction ID: cc53262a50907b1ce237b1873a03db62a2566ae9d5006443c45bd8a831f216ef
                                                          • Opcode Fuzzy Hash: 6ad34f51750db7a8759919cdb8d0fd5082002a6e68a503ec0687e799d7c8cf08
                                                          • Instruction Fuzzy Hash: B511C271225635BAD73A4B668C49EF7BEACEF137A4F00522AF11983580D7709840D6F0
                                                          APIs
                                                          • GetWindowTextLengthW.USER32(00000000), ref: 003C34AB
                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003C34BA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: LengthMessageSendTextWindow
                                                          • String ID: edit
                                                          • API String ID: 2978978980-2167791130
                                                          • Opcode ID: 0ed42766979bd3b4ef556b64e2a387b54fdf9e983ba4b93e84c44aec53b53161
                                                          • Instruction ID: d740fc2069bc19ed050203526647bee8a79637d8cfbb0f2e3a9af368e266de48
                                                          • Opcode Fuzzy Hash: 0ed42766979bd3b4ef556b64e2a387b54fdf9e983ba4b93e84c44aec53b53161
                                                          • Instruction Fuzzy Hash: D6118871100208AAEB178E65DC80FAA36AAEB05374F518328F964D71E0C731ED519B60
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00396CB6
                                                          • _wcslen.LIBCMT ref: 00396CC2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$BuffCharUpper
                                                          • String ID: STOP
                                                          • API String ID: 1256254125-2411985666
                                                          • Opcode ID: 4d8f2e3a3c7b28649c0b9b00790c3daf083edf38da97d538c3f3d646593c3bf8
                                                          • Instruction ID: 2a5fab5ca46b2eebd9bf4bb33ce96071ff2b4ddca5e5d59f8add7efffe7d9d29
                                                          • Opcode Fuzzy Hash: 4d8f2e3a3c7b28649c0b9b00790c3daf083edf38da97d538c3f3d646593c3bf8
                                                          • Instruction Fuzzy Hash: D40104326119268ACF239FBDDC829BF37A8EA60710B020534F86296194EB31E800CA50
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00391D4C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          • Opcode ID: 5cdb1c18eebf846200f70e9da7e3024c3f8bd303be8acd6c519bdc16bedd9533
                                                          • Instruction ID: cca44a25c546fabcdbbb3a1140cd2f1300129d2f08e50a45b51b47c5839dc644
                                                          • Opcode Fuzzy Hash: 5cdb1c18eebf846200f70e9da7e3024c3f8bd303be8acd6c519bdc16bedd9533
                                                          • Instruction Fuzzy Hash: C301D871651219ABCF0AFBA4CD55DFE7768EF46350F04051AF8226B2D1EA705908C760
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00391C46
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          • Opcode ID: 084e512d1cb449e771f2fa0d45c9a18b3d2ef7db145f1361b8ed2ff391a42947
                                                          • Instruction ID: 09ee02cf6a8c71d5b6c87e37047de10a89b8335ee6e52722fdecf847240d3207
                                                          • Opcode Fuzzy Hash: 084e512d1cb449e771f2fa0d45c9a18b3d2ef7db145f1361b8ed2ff391a42947
                                                          • Instruction Fuzzy Hash: 1D01A775685109A6DF07EB90CA91EFF77AC9F51340F14001AF5167B281EA609E08CAB1
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00391CC8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          • API String ID: 624084870-1403004172
                                                          • Opcode ID: d94f733863031bd06061a7e8930f52d6b2ebf2766d4d660f267b942df69ddf3d
                                                          • Instruction ID: 1d5ee1b10a49ab56900a229231c2451beda1a408f769b768846639653796a3b2
                                                          • Opcode Fuzzy Hash: d94f733863031bd06061a7e8930f52d6b2ebf2766d4d660f267b942df69ddf3d
                                                          • Instruction Fuzzy Hash: 7A01D6B6680119A7DF07EBA0CA41EFE77AC9B11340F540016B902BB281EAA09F08CA71
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 0034A529
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          • Associated: 00000000.00000002.2924597774.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003CC000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924804419.00000000003F2000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924890290.00000000003FC000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2924926974.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330000_file.jbxd
                                                          Similarity
                                                          • API ID: Init_thread_footer_wcslen
                                                          • String ID: ,%@$3y8
                                                          • API String ID: 2551934079-1164007899
                                                          • Opcode ID: ec8bab402d0757081e394135bbaaf566d43519f2a0a56730275b7d77f3e40e37
                                                          • Instruction ID: 53d87b3b6a72626cd2b77488f65d326774462e4c210e1e0b0dbcf4850e75cc4f
                                                          • Opcode Fuzzy Hash: ec8bab402d0757081e394135bbaaf566d43519f2a0a56730275b7d77f3e40e37
                                                          • Instruction Fuzzy Hash: D6012B31780A1097C517F768EE5BFAD33949B06711F4040AAF9056F2D3DEA0BD45869B
                                                          APIs
                                                            • Part of subcall function 00339CB3: _wcslen.LIBCMT ref: 00339CBD
                                                            • Part of subcall function 00393CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00393CCA
                                                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00391DD3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: ClassMessageNameSend_wcslen
                                                          • String ID: ComboBox$ListBox
                                                          APIs
                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00403018,0040305C), ref: 003C81BF
                                                          • CloseHandle.KERNEL32 ref: 003C81D1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: \0@
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: 3, 3, 16, 1
                                                          APIs
                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00390B23
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Message
                                                          • String ID: AutoIt$Error allocating memory.
                                                          APIs
                                                            • Part of subcall function 0034F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00350D71,?,?,?,0033100A), ref: 0034F7CE
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,0033100A), ref: 00350D75
                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0033100A), ref: 00350D84
                                                          Strings
                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00350D7F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                          APIs
                                                          • __Init_thread_footer.LIBCMT ref: 0034E3D5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Init_thread_footer
                                                          • String ID: 0%@$8%@
                                                          APIs
                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 003A302F
                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 003A3044
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: Temp$FileNamePath
                                                          • String ID: aut
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: LocalTime
                                                          • String ID: %.3d$X64
                                                          APIs
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003C232C
                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 003C233F
                                                            • Part of subcall function 0039E97B: Sleep.KERNEL32 ref: 0039E9F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: FindMessagePostSleepWindow
                                                          • String ID: Shell_TrayWnd
                                                          APIs
                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003C236C
                                                          • PostMessageW.USER32(00000000), ref: 003C2373
                                                            • Part of subcall function 0039E97B: Sleep.KERNEL32 ref: 0039E9F3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: FindMessagePostSleepWindow
                                                          • String ID: Shell_TrayWnd
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0036BE93
                                                          • GetLastError.KERNEL32 ref: 0036BEA1
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0036BEFC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2924669093.0000000000331000.00000020.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                          • String ID: