Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1525464
MD5:7c48ac18b5f61d158935baa710aef543
SHA1:530f21100245700e173b7a077127ce62d599e12f
SHA256:7fdae5877e963c0525542eccbebb5155807a45fd5741eb14b1a7d404ae465900
Tags:exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6756 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7C48AC18B5F61D158935BAA710AEF543)
    • taskkill.exe (PID: 6804 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6156 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2260 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4312 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3452 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 4812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: file.exe PID: 6756JoeSecurity_CredentialFlusherYara detected Credential FlusherJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.5% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49742 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49750 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49785 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0102DBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0103698F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010368EE FindFirstFileW,FindClose,0_2_010368EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0102D076
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0102D3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0103979D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01039642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_01039642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01039B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_01039B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01035C97 FindFirstFileW,FindNextFileW,FindClose,0_2_01035C97
    Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 23.211.8.90
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
    Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
    Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
    Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.45
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103CF1A InternetQueryDataAvailable,InternetReadFile,GetLastError,SetEvent,SetEvent,0_2_0103CF1A
    Source: global trafficHTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1Host: youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1Host: www.youtube.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5D+OsSS+SvN7wGW&MD=2R6SN4p5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2088320947&timestamp=1728026181885 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5D+OsSS+SvN7wGW&MD=2R6SN4p5 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
    Source: chromecache_91.14.drString found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: accounts.youtube.com
    Source: global trafficDNS traffic detected: DNS query: play.google.com
    Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: chromecache_91.14.drString found in binary or memory: https://accounts.google.com
    Source: chromecache_91.14.drString found in binary or memory: https://accounts.google.com/TOS?loc=
    Source: chromecache_82.14.drString found in binary or memory: https://apis.google.com/js/api.js
    Source: chromecache_91.14.drString found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
    Source: chromecache_91.14.drString found in binary or memory: https://families.google.com/intl/
    Source: chromecache_82.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
    Source: chromecache_82.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
    Source: chromecache_82.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
    Source: chromecache_91.14.drString found in binary or memory: https://g.co/recover
    Source: chromecache_91.14.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
    Source: chromecache_91.14.drString found in binary or memory: https://play.google.com/work/enroll?identifier=
    Source: chromecache_91.14.drString found in binary or memory: https://play.google/intl/
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/privacy
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/privacy/additional
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/privacy/google-partners
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/technologies/cookies
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/technologies/location-data
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/terms
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/terms/location
    Source: chromecache_91.14.drString found in binary or memory: https://policies.google.com/terms/service-specific
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/animation/
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_darkmode_1x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_silent_tap_yes_darkmode.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes_darkmode.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_dark_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around_dark_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account_darkmode_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy_darkmode_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts_darkmode_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision_darkmode_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_darkmode_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/return_to_desktop_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered_darkmode.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/feature_not_available_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/red_globe_light.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/apps/signup/resources/custom-email-address.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_dark_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/account_setup_chapter_v1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_dark_v1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/device_setup_chapter_v1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_dark_v1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
    Source: chromecache_82.14.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
    Source: chromecache_91.14.drString found in binary or memory: https://support.google.com/accounts?hl=
    Source: chromecache_91.14.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
    Source: chromecache_91.14.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
    Source: chromecache_82.14.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
    Source: chromecache_91.14.drString found in binary or memory: https://www.google.com
    Source: chromecache_91.14.drString found in binary or memory: https://www.google.com/intl/
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
    Source: chromecache_82.14.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
    Source: chromecache_91.14.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
    Source: chromecache_91.14.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
    Source: file.exe, 00000000.00000003.1776966334.00000000005F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3007992678.0000000001108000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: chromecache_91.14.drString found in binary or memory: https://youtube.com/t/terms?gl=
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
    Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
    Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
    Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
    Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
    Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
    Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
    Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
    Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
    Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
    Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
    Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
    Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
    Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
    Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
    Source: unknownHTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49742 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49750 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49784 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49785 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0103EAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0103ED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0103EAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102AB9C GetKeyState,GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0102AB9C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01059576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_01059576

    System Summary

    barindex
    Binary is likely a compiled AutoIt script file
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_951d4464-0
    Source: file.exe, 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_cd20a160-1
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_a715ea98-a
    Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_bbbed70d-9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0102D5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01021201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_01021201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0102E8F6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC80600_2_00FC8060
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010320460_2_01032046
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010282980_2_01028298
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFE4FF0_2_00FFE4FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF676B0_2_00FF676B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010548730_2_01054873
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCAF00_2_00FCCAF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FECAA00_2_00FECAA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FDCC390_2_00FDCC39
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF6DD90_2_00FF6DD9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC91C00_2_00FC91C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FDB1190_2_00FDB119
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE13940_2_00FE1394
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE17060_2_00FE1706
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE781B0_2_00FE781B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE19B00_2_00FE19B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD997D0_2_00FD997D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC79200_2_00FC7920
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE7A4A0_2_00FE7A4A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE7CA70_2_00FE7CA7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE1C770_2_00FE1C77
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF9EEE0_2_00FF9EEE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104BE440_2_0104BE44
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE1F320_2_00FE1F32
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00FE0A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00FDF9F2 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal64.troj.evad.winEXE@46/30@12/6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010337B5 GetLastError,FormatMessageW,0_2_010337B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010210BF AdjustTokenPrivileges,CloseHandle,0_2_010210BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010216C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_010216C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010351CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_010351CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0104A67C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0103648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00FC42A2
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6952:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1360:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobarsJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00FC42DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE0A76 push ecx; ret 0_2_00FE0A89
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FDF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00FDF98E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01051C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_01051C41
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Found API chain indicative of sandbox detection
    Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-94778
    Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 7073Jump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow / User API: foregroundWindowGot 1775Jump to behavior
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.7 %
    Source: C:\Users\user\Desktop\file.exe TID: 6780Thread sleep time: -70730s >= -30000sJump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\file.exeThread sleep count: Count: 7073 delay: -10Jump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0102DBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0103698F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010368EE FindFirstFileW,FindClose,0_2_010368EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0102D076
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0102D3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0103979D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01039642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_01039642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01039B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_01039B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01035C97 FindFirstFileW,FindNextFileW,FindClose,0_2_01035C97
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00FC42DE
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103EAA2 BlockInput,0_2_0103EAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FF2622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00FC42DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE4CE8 mov eax, dword ptr fs:[00000030h]0_2_00FE4CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01020B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_01020B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FF2622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FE083F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE09D5 SetUnhandledExceptionFilter,0_2_00FE09D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00FE0C21
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01021201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_01021201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01002BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_01002BA5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102B226 SendInput,keybd_event,0_2_0102B226
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102E355 mouse_event,0_2_0102E355
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01020B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_01020B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01021663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_01021663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE0698 cpuid 0_2_00FE0698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01038195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_01038195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D27A GetUserNameW,0_2_0101D27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00FFBB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00FC42DE

    Stealing of Sensitive Information

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: file.exe PID: 6756, type: MEMORYSTR
    Source: file.exeBinary or memory string: WIN_81
    Source: file.exeBinary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exeBinary or memory string: WIN_XPe
    Source: file.exeBinary or memory string: WIN_VISTA
    Source: file.exeBinary or memory string: WIN_7
    Source: file.exeBinary or memory string: WIN_8

    Remote Access Functionality

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: file.exe PID: 6756, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01041204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_01041204
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01041806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_01041806

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure2
    Valid Accounts    		1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		1
    Exploitation for Privilege Escalation    		2
    Disable or Modify Tools    		21
    Input Capture    		2
    System Time Discovery    		Remote Services1
    Archive Collected Data    		2
    Ingress Tool Transfer    		Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault Accounts1
    Native API    		2
    Valid Accounts    		1
    DLL Side-Loading    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory1
    Account Discovery    		Remote Desktop Protocol21
    Input Capture    		11
    Encrypted Channel    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)2
    Valid Accounts    		2
    Obfuscated Files or Information    		Security Account Manager1
    File and Directory Discovery    		SMB/Windows Admin Shares3
    Clipboard Data    		3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
    Access Token Manipulation    		1
    DLL Side-Loading    		NTDS16
    System Information Discovery    		Distributed Component Object ModelInput Capture4
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script2
    Process Injection    		2
    Valid Accounts    		LSA Secrets12
    Security Software Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
    Virtualization/Sandbox Evasion    		Cached Domain Credentials12
    Virtualization/Sandbox Evasion    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
    Access Token Manipulation    		DCSync3
    Process Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
    Process Injection    		Proc Filesystem11
    Application Window Discovery    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
    System Owner/User Discovery    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1525464 Sample: file.exe Startdate: 04/10/2024 Architecture: WINDOWS Score: 64 46 Yara detected Credential Flusher 2->46 48 Binary is likely a compiled AutoIt script file 2->48 50 Machine Learning detection for sample 2->50 52 AI detected suspicious sample 2->52 7 file.exe 2->7         started        process3 signatures4 54 Binary is likely a compiled AutoIt script file 7->54 56 Found API chain indicative of sandbox detection 7->56 10 chrome.exe 1 7->10         started        13 taskkill.exe 1 7->13         started        15 taskkill.exe 1 7->15         started        17 3 other processes 7->17 process5 dnsIp6 42 192.168.2.4, 138, 443, 49672 unknown unknown 10->42 44 239.255.255.250 unknown Reserved 10->44 19 chrome.exe 10->19         started        22 chrome.exe 10->22         started        24 chrome.exe 6 10->24         started        26 conhost.exe 13->26         started        28 conhost.exe 15->28         started        30 conhost.exe 17->30         started        32 conhost.exe 17->32         started        34 conhost.exe 17->34         started        process7 dnsIp8 36 www.google.com 142.250.181.228, 443, 49740, 49886 GOOGLEUS United States 19->36 38 www3.l.google.com 142.250.184.238, 443, 49760 GOOGLEUS United States 19->38 40 5 other IPs or domains 19->40

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    youtube-ui.l.google.com0%VirustotalBrowse
    www.youtube.com0%VirustotalBrowse
    youtube.com0%VirustotalBrowse
    www.google.com0%VirustotalBrowse
    play.google.com0%VirustotalBrowse
    accounts.youtube.com0%VirustotalBrowse
    www3.l.google.com0%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://play.google/intl/0%URL Reputationsafe
    https://families.google.com/intl/0%URL Reputationsafe
    https://policies.google.com/technologies/location-data0%URL Reputationsafe
    https://policies.google.com/technologies/location-data0%URL Reputationsafe
    https://apis.google.com/js/api.js0%URL Reputationsafe
    https://apis.google.com/js/api.js0%URL Reputationsafe
    https://policies.google.com/privacy/google-partners0%URL Reputationsafe
    https://policies.google.com/terms/service-specific0%URL Reputationsafe
    https://policies.google.com/terms/service-specific0%URL Reputationsafe
    https://g.co/recover0%URL Reputationsafe
    https://g.co/recover0%URL Reputationsafe
    https://policies.google.com/privacy/additional0%URL Reputationsafe
    https://policies.google.com/privacy/additional0%URL Reputationsafe
    https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=32850720%URL Reputationsafe
    https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=32850720%URL Reputationsafe
    https://policies.google.com/technologies/cookies0%URL Reputationsafe
    https://policies.google.com/technologies/cookies0%URL Reputationsafe
    https://policies.google.com/terms0%URL Reputationsafe
    https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=0%URL Reputationsafe
    https://support.google.com/accounts?hl=0%URL Reputationsafe
    https://policies.google.com/terms/location0%URL Reputationsafe
    https://policies.google.com/privacy0%URL Reputationsafe
    https://support.google.com/accounts?p=new-si-ui0%URL Reputationsafe
    https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage0%URL Reputationsafe
    https://play.google.com/work/enroll?identifier=0%VirustotalBrowse
    https://youtube.com/t/terms?gl=0%VirustotalBrowse
    https://www.google.com0%VirustotalBrowse
    https://www.google.com/favicon.ico0%VirustotalBrowse
    https://www.youtube.com/t/terms?chromeless=1&hl=0%VirustotalBrowse
    https://play.google.com/log?hasfast=true&authuser=0&format=json0%VirustotalBrowse
    https://www.google.com/intl/1%VirustotalBrowse
    https://play.google.com/log?format=json&hasfast=true0%VirustotalBrowse
    https://play.google.com/log?format=json&hasfast=true&authuser=00%VirustotalBrowse

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    youtube-ui.l.google.com
    		142.250.185.238
    		truefalseunknown
    www3.l.google.com
    		142.250.184.238
    		truefalseunknown
    play.google.com
    		216.58.206.46
    		truefalseunknown
    www.google.com
    		142.250.181.228
    		truefalseunknown
    youtube.com
    		142.250.185.238
    		truefalseunknown
    accounts.youtube.com
    		unknown
    		unknownfalseunknown
    www.youtube.com
    		unknown
    		unknownfalseunknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://play.google.com/log?format=json&hasfast=true&authuser=0falseunknown
    https://www.google.com/favicon.icofalseunknown
    https://play.google.com/log?hasfast=true&authuser=0&format=jsonfalseunknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://play.google/intl/chromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://families.google.com/intl/chromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://youtube.com/t/terms?gl=chromecache_91.14.drfalseunknown
    https://policies.google.com/technologies/location-datachromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://www.google.com/intl/chromecache_91.14.drfalseunknown
    https://apis.google.com/js/api.jschromecache_82.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://policies.google.com/privacy/google-partnerschromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://play.google.com/work/enroll?identifier=chromecache_91.14.drfalseunknown
    https://policies.google.com/terms/service-specificchromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://g.co/recoverchromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://policies.google.com/privacy/additionalchromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072chromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://policies.google.com/technologies/cookieschromecache_91.14.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    https://policies.google.com/termschromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=chromecache_82.14.drfalse
    • URL Reputation: safe
    		unknown
    https://www.google.comchromecache_91.14.drfalseunknown
    https://play.google.com/log?format=json&hasfast=truechromecache_91.14.drfalseunknown
    https://www.youtube.com/t/terms?chromeless=1&hl=chromecache_91.14.drfalseunknown
    https://support.google.com/accounts?hl=chromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://policies.google.com/terms/locationchromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://policies.google.com/privacychromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://support.google.com/accounts?p=new-si-uichromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown
    https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessagechromecache_91.14.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    142.250.185.238
    		youtube-ui.l.google.comUnited States
    		15169GOOGLEUSfalse
    216.58.206.46
    		play.google.comUnited States
    		15169GOOGLEUSfalse
    239.255.255.250
    		unknownReserved
    		unknownunknownfalse
    142.250.181.228
    		www.google.comUnited States
    		15169GOOGLEUSfalse
    142.250.184.238
    		www3.l.google.comUnited States
    		15169GOOGLEUSfalse

    Private

    IP
    192.168.2.4

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1525464
    Start date and time:2024-10-04 09:15:07 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 5m 13s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:21
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:file.exe
    Detection:MAL
    Classification:mal64.troj.evad.winEXE@46/30@12/6
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 94%
    • Number of executed functions: 41
    • Number of non-executed functions: 309
    Cookbook Comments:
    • Found application associated with file extension: .exe

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.181.238, 173.194.76.84, 34.104.35.123, 142.250.186.99, 142.250.185.227, 142.250.185.106, 216.58.206.74, 142.250.185.138, 142.250.185.170, 142.250.186.138, 172.217.18.106, 142.250.186.42, 142.250.185.202, 172.217.18.10, 172.217.23.106, 142.250.186.106, 142.250.74.202, 142.250.186.74, 172.217.16.202, 142.250.185.234, 142.250.185.74, 88.221.110.91, 192.229.221.95, 142.250.184.234, 142.250.186.170, 142.250.181.234, 216.58.206.42, 142.250.184.202, 142.250.184.227, 74.125.206.84, 142.250.186.78
    • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
    • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
    • Not all processes where analyzed, report is missing behavior information
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

    Simulations

    Behavior and APIs

    No simulations

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    239.255.255.250https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893aGet hashmaliciousHTMLPhisherBrowse
      https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893aGet hashmaliciousUnknownBrowse
        https://forms.office.com/Pages/ResponsePage.aspx?id=4mPIUn7HtEOifSf_jkD9akHPEdQOqpJDoTs5yuUf8txUMEFQTE42TU03SUJBSU84VTY3MEtFR1JaUS4uGet hashmaliciousHTMLPhisherBrowse
          https://url.us.m.mimecastprotect.com/s/8I0_CKrkVEt48y6BzfMfWF5hBIN?domain=woems-my.sharepoint.comGet hashmaliciousUnknownBrowse
            https://t.co/dvIdjH2XsvGet hashmaliciousUnknownBrowse
              https://irp.cdn-website.com/02ccf804/files/uploaded/webpage.htmlGet hashmaliciousUnknownBrowse
                file.exeGet hashmaliciousCredential FlusherBrowse
                  http://whinairith.netGet hashmaliciousUnknownBrowse
                    Full Litigation File.pdfGet hashmaliciousUnknownBrowse
                      http://185.95.84.78/rd/4gmsyP17223JZmx332lihotmtcwn9842ZSCGIOAIIATLJCU85240TITV3606d9Get hashmaliciousPhisherBrowse

                        Domains

                        No context

                        ASNs

                        No context

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        28a2c9bd18a11de089ef85a160da29e4Aura.exeGet hashmaliciousRedLineBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        https://url.us.m.mimecastprotect.com/s/8I0_CKrkVEt48y6BzfMfWF5hBIN?domain=woems-my.sharepoint.comGet hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        https://t.co/dvIdjH2XsvGet hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        https://irp.cdn-website.com/02ccf804/files/uploaded/webpage.htmlGet hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        file.exeGet hashmaliciousCredential FlusherBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        http://whinairith.netGet hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        Full Litigation File.pdfGet hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        http://185.95.84.78/rd/4gmsyP17223JZmx332lihotmtcwn9842ZSCGIOAIIATLJCU85240TITV3606d9Get hashmaliciousPhisherBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        file.exeGet hashmaliciousCredential FlusherBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45
                        https://1drv.ms/o/c/fdad16d5f2338a27/Eo8O_nGS-PdFnAhpolmsW1cBd-Jv5WSSl5AjZZuAQUSXNw?e=5%3aI9hXvq&sharingv2=true&fromShare=true&at=9Get hashmaliciousUnknownBrowse
                        • 4.175.87.197
                        • 172.202.163.200
                        • 23.211.8.90
                        • 13.107.246.45

                        Dropped Files

                        No context

                        Created / dropped Files

                        Chrome Cache Entry: 77

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (681)
                        Category:downloaded
                        Size (bytes):4066
                        Entropy (8bit):5.369564168658135
                        Encrypted:false
                        SSDEEP:96:G6mTOIiY1medWRQrf7VF6vtDgXJyA7oxcoT4w:3mTOImedWOVF6vtUJyA8xJt
                        MD5:4D3D9750CA5EB8A7D20993397BC5A6B8
                        SHA1:DDB05A2C8AB1FD4537EEB2433BDF507CEE8CB8D2
                        SHA-256:FCD1C642992A0BAF9038B3710DA080282AF0C80C113E1CE8F984F8143A2B2B32
                        SHA-512:482DD926971FACA341058B35D333CEF64EAC460FC29B0B17AF5CD515253BCE973BBCAABADE3C4D125E07DE3BC75DE52059D5B229C44C5F95A30B845651EF64CA
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
                        Preview:"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.vg(_.bqa);._.k("sOXFj");.var wu=function(a){_.W.call(this,a.Fa)};_.J(wu,_.W);wu.Ba=_.W.Ba;wu.prototype.aa=function(a){return a()};_.qu(_.aqa,wu);._.l();._.k("oGtAuc");._.Bya=new _.pf(_.bqa);._.l();._.k("q0xTif");.var vza=function(a){var b=function(d){_.Zn(d)&&(_.Zn(d).Lc=null,_.Gu(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Su=function(a){_.nt.call(this,a.Fa);this.Qa=this.dom=null;if(this.rl()){var b=_.Cm(this.Wg(),[_.Hm,_.Gm]);b=_.pi([b[_.Hm],b[_.Gm]]).then(function(c){this.Qa=c[0];this.dom=c[1]},null,this);_.ku(this,b)}this.Ra=a.lm.Dea};_.J(Su,_.nt);Su.Ba=function(){return{lm:{Dea:function(a){return _.Ue(a)}}}};Su.prototype.Bp=function(a){return this.Ra.Bp(a)};.Su.prototype.getData=function(a){return this.Ra.getData(a)};Su.prototype.uo=function(){_.Nt(this.d

                        Chrome Cache Entry: 78

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (1694)
                        Category:downloaded
                        Size (bytes):32500
                        Entropy (8bit):5.378121087555083
                        Encrypted:false
                        SSDEEP:768:OnTTScxIXeijt4aRZf4AEqTzQh2HIVVcYTVf79pew6cVEkAXtuWsmsL:iA4w4A4h2HIVVcMVf72QA9jOL
                        MD5:57D7B0A2CE36496F05AFA27B39C1F219
                        SHA1:418AD03C2E75AEAF188E2A00123B70E09D541656
                        SHA-256:E247A1F5E564A248C92E39C040A06B9B3BEA50A130CC98F2787FB5E2441E0707
                        SHA-512:78B135A69424F951AC7E3CCBDC4F496BCA0BE6A2312DC90DFA29032C7DB19455B7E35FEE57F470729EC5E86D52DC19037BB6404C27DF614A548DE409527866C2
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{.var Cua=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.gp("//www.google.com/images/cleardot.gif");_.rp(c)}this.ka=c};_.h=Cua.prototype;_.h.Zc=null;_.h.rZ=1E4;_.h.jA=!1;_.h.sQ=0;_.h.JJ=null;_.h.gV=null;_.h.setTimeout=function(a){this.rZ=a};_.h.start=function(){if(this.jA)throw Error("dc");this.jA=!0;this.sQ=0;Dua(this)};_.h.stop=function(){Eua(this);this.jA=!1};.var Dua=function(a){a.sQ++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.om((0,_.bg)(a.hH,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.bg)(a.Kja,a),a.aa.onerror=(0,_.bg)(a.Jja,a),a.aa.onabort=(0,_.bg)(a.Ija,a),a.JJ=_.om(a.Lja,a.rZ,a),a.aa.src=String(a.ka))};_.h=Cua.prototype;_.h.Kja=function(){this.hH(!0)};_.h.Jja=function(){this.hH(!1)};_.h.Ija=function(){this.hH(!1)};_.h.Lja=function(){this.hH(!1)};._.h.hH=function(a){Eua(this);a?(this.jA=!1,this.da.call(this.ea,!0)):this.sQ<=0?Dua(this):(this.jA=!1,

                        Chrome Cache Entry: 79

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (570)
                        Category:downloaded
                        Size (bytes):3467
                        Entropy (8bit):5.508385764606741
                        Encrypted:false
                        SSDEEP:96:ogbsxK3SrI2Jrutmxy9FALtcP+EGYkxhclzV9xCw:Psc3OIpDj2ZYkxhATxX
                        MD5:231ABD6E6C360E709640B399EDF85476
                        SHA1:6CB98F38D9B6FDCF2E7D7C7682A219082F2E1E75
                        SHA-256:44B5D535663C65CD2E6228EF1F0C3DBA9C89EAE5C1BF079A6C4C64972DEE989D
                        SHA-512:D45455810B34493A05BA2DD7ADF24C0C009F4CF0898AE9C57978D38C8F2654CEEFC11D1C151BA72B902E0FA87537D43C37957DCAEC1792B5277B54C8E7BCCA3C
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("Wt6vjf");.var fya=function(){var a=_.He();return _.Nj(a,1)},au=function(a){this.Da=_.t(a,0,au.messageId)};_.J(au,_.v);au.prototype.Ha=function(){return _.Fj(this,1)};au.prototype.Ua=function(a){return _.Xj(this,1,a)};au.messageId="f.bo";var bu=function(){_.km.call(this)};_.J(bu,_.km);bu.prototype.xd=function(){this.NT=!1;gya(this);_.km.prototype.xd.call(this)};bu.prototype.aa=function(){hya(this);if(this.JC)return iya(this),!1;if(!this.UV)return cu(this),!0;this.dispatchEvent("p");if(!this.HP)return cu(this),!0;this.NM?(this.dispatchEvent("r"),cu(this)):iya(this);return!1};.var jya=function(a){var b=new _.gp(a.b5);a.vQ!=null&&_.Mn(b,"authuser",a.vQ);return b},iya=function(a){a.JC=!0;var b=jya(a),c="rt=r&f_uid="+_.rk(a.HP);_.fn(b,(0,_.bg)(a.ea,a),"POST",c)};.bu.prototype.ea=function(a){a=a.target;hya(this);if(_.jn(a)){this.iK=0;if(this.NM)this.JC=!1,this.dispatchEvent("r"

                        Chrome Cache Entry: 80

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (683)
                        Category:downloaded
                        Size (bytes):3131
                        Entropy (8bit):5.352056237104327
                        Encrypted:false
                        SSDEEP:48:o7hHD75byh9xqKP5jNQ8js63rAwrMNhYfmdpwoKLEy5aQW5Tx5v3MmFopMGIWO4x:oFD+95jOQr3AT7wRLDGD5flBb4Ew
                        MD5:ADEF03127F74F5E6742B8CFA7B863F28
                        SHA1:58D7C635582AF10E91EC047FD315FAF758AF51DA
                        SHA-256:5FDD639E222F58AEB6178EB02583086BCC50ED219DEAA953D0E7984DD0E1FEDC
                        SHA-512:3AC26E9569EE83298F386D551774F378D3E433A2C80C1D4BC7481C544605A2FA4943F6CBC8E97FBF8FE3C32C1EFB2A1CCAA01403819482FC7429538FDF2CA758
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ZwDk9d");.var kA=function(a){_.W.call(this,a.Fa)};_.J(kA,_.W);kA.Ba=_.W.Ba;kA.prototype.jS=function(a){return _.Ye(this,{Xa:{lT:_.ol}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.ni(function(e){window._wjdc=function(f){d(f);e(dKa(f,b,a))}}):dKa(c,b,a)})};var dKa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.lT.jS(c)};.kA.prototype.aa=function(a,b){var c=_.Dra(b).Tj;if(c.startsWith("$")){var d=_.jm.get(a);_.xq[b]&&(d||(d={},_.jm.set(a,d)),d[c]=_.xq[b],delete _.xq[b],_.yq--);if(d)if(a=d[c])b=_.af(a);else throw Error("Jb`"+b);else b=null}else b=null;return b};_.qu(_.Lfa,kA);._.l();._.k("SNUn3");._.cKa=new _.pf(_.wg);._.l();._.k("RMhBfe");.var eKa=function(a){var b=_.wq(a);return b?new _.ni(function(c,d){var e=function(){b=_.wq(a);var f=_.Sfa(a,b);f?c(f.getAttribute("jsdata")):window.document.readyState=="complete"?(f=["Unable to find deferred jsdata wit

                        Chrome Cache Entry: 81

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (533)
                        Category:downloaded
                        Size (bytes):9210
                        Entropy (8bit):5.393248075042016
                        Encrypted:false
                        SSDEEP:192:t7mFYxV97I4Ia0U44rS3mt8IV7ydti6M5/1JlNg:t7vB7Il2t+dEF1JlNg
                        MD5:2ED5BC88509286438B682EFF23518005
                        SHA1:D5C8FD77BA3ED7F977A4AD0C85CF026D0F74F3E2
                        SHA-256:F878D44B5CAC6BC95D638C13D0814C10E7D6CC145351ABA7945F53D8CB167979
                        SHA-512:12F5415A482286C53631D09B5F50BA4AAA0957DB61904430E5B728777A15DC62428ED560847AB1DFEC459E302FB4D009D32CC1770EAD5425023CA48DF4640AA4
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.vNa=_.z("SD8Jgb",[]);._.GX=function(a,b){if(typeof b==="string")a.Nc(b);else if(b instanceof _.Ip&&b.ia&&b.ia===_.A)b=_.Za(b.Ku()),a.empty().append(b);else if(b instanceof _.Ua)b=_.Za(b),a.empty().append(b);else if(b instanceof Node)a.empty().append(b);else throw Error("Wf");};_.HX=function(a){var b=_.Lo(a,"[jsslot]");if(b.size()>0)return b;b=new _.Jo([_.Qk("span")]);_.Mo(b,"jsslot","");a.empty().append(b);return b};_.bMb=function(a){return a===null||typeof a==="string"&&_.Ji(a)};._.k("SD8Jgb");._.MX=function(a){_.X.call(this,a.Fa);this.Va=a.controller.Va;this.od=a.controllers.od[0]||null;this.header=a.controller.header;this.nav=a.controller.nav;var b;(b=this.oa().find("button:not([type])").el())==null||b.setAttribute("type","button")};_.J(_.MX,_.X);_.MX.Ba=function(){return{controller:{Va:{jsname:"n7vHCb",ctor:_.pv},header:{jsname:"tJHJj",ctor:_.pv},nav:{jsname:"DH6Rkf",ct

                        Chrome Cache Entry: 82

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (553)
                        Category:downloaded
                        Size (bytes):744316
                        Entropy (8bit):5.792609563905897
                        Encrypted:false
                        SSDEEP:6144:h5bdWK/20rOQKKQtvqUGSGDdPSxdZqmguaH:5OeKGSpguA
                        MD5:E5DFAA54FA9E49582769745439A0B809
                        SHA1:A5BA6F69DA4C2D684DF9A6E5EFAF91CDEDC9DFBA
                        SHA-256:FC7077701258AA0159E2A90714C0245E556F60F36F73574515C5E12B02CBDDD2
                        SHA-512:EF0BE7B81E43B2E899769204B107EBA503C46E27D57952238DD92A35F8871061302E1BB97398B7E58672B598642C85B2918DC881E63F2F85712E38601E76CF7F
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGqbcbY7EPIbU9aEKq4q6omjn3kkA/m=_b,_tp"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x2860c1c4, 0x20469860, 0x39e13c40, 0x14501e80, 0xe420, 0x0, 0x1a000000, 0x1d000003, 0xc, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/./*. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var baa,daa,Na,Ta,gaa,iaa,jb,qaa,waa,Caa,Haa,Kaa,Jb,Laa,Ob,Qb,Rb,Maa,Naa,Sb,Oaa,Paa,Qaa,Yb,Vaa,Xaa,ec,fc,gc,bba,cba,gba,jba,lba,mba,qba,tba,nba,sba,rba,pba,oba,uba,yba,Cba,Dba,Aba,Hc,Ic,Gba,Iba,Mba,Nba,Oba,Pba,Lba,Qba,Sba,dd,Uba,Vba,Xba,Zba,Yba,aca,bca,cca,dca,fca,eca,hca,ica,jca,kca,nca,

                        Chrome Cache Entry: 83

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                        Category:downloaded
                        Size (bytes):5430
                        Entropy (8bit):3.6534652184263736
                        Encrypted:false
                        SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                        MD5:F3418A443E7D841097C714D69EC4BCB8
                        SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                        SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                        SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                        Malicious:false
                        URL:https://www.google.com/favicon.ico
                        Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                        Chrome Cache Entry: 84

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                        Category:downloaded
                        Size (bytes):52280
                        Entropy (8bit):7.995413196679271
                        Encrypted:true
                        SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                        MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                        SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                        SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                        SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                        Malicious:false
                        URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                        Preview:wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.*',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.|*(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.5*1w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e*......71.?.7.ORv.?...l...G|.P...|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....|..D.d..

                        Chrome Cache Entry: 85

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (755)
                        Category:downloaded
                        Size (bytes):1460
                        Entropy (8bit):5.274624539239422
                        Encrypted:false
                        SSDEEP:24:kMYD7DUuXIqMSsN7UYgtx/mQ7hz1BU6TZ6BdXDMvUKGbWxlGb+jSFFV87Ofk8tp8:o7DhXI6PoXwsKGb2lGb+jS9Mwrw
                        MD5:481C149C4D3EE4A53C3E7CBA067371DF
                        SHA1:E0FED275636D3492C922C44F010157FAF0936733
                        SHA-256:9327A53F577C5FCEFDB162E02D8646CE5B70DF2201F4B3289384657B32BACE70
                        SHA-512:EC5C5A03ED4E1A27BEE7E1C488A238D79A9787D944E364CCE516FB28C22256919E49C99BFCFEA0F7815AB4232A350914E26D33D20F5A81ED19A39DFD40E30C79
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("lOO0Vd");._.b_a=new _.pf(_.Dm);._.l();._.k("P6sQOc");.var g_a=!!(_.Mh[1]&16);var i_a=function(a,b,c,d,e){this.ea=a;this.xa=b;this.ka=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=h_a(this)},j_a=function(a){var b={};_.Ma(a.HS(),function(e){b[e]=!0});var c=a.uS(),d=a.yS();return new i_a(a.wP(),c.aa()*1E3,a.bS(),d.aa()*1E3,b)},h_a=function(a){return Math.random()*Math.min(a.xa*Math.pow(a.ka,a.aa),a.Ca)},SG=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var TG=function(a){_.W.call(this,a.Fa);this.da=a.Ea.JV;this.ea=a.Ea.metadata;a=a.Ea.cha;this.fetch=a.fetch.bind(a)};_.J(TG,_.W);TG.Ba=function(){return{Ea:{JV:_.e_a,metadata:_.b_a,cha:_.VZa}}};TG.prototype.aa=function(a,b){if(this.ea.getType(a.Od())!==1)return _.Vm(a);var c=this.da.jV;return(c=c?j_a(c):null)&&SG(c)?_.zya(a,k_a(this,a,b,c)):_.Vm(a)};.var k_a=function(a,b,c,d){return c.then(function(e){return e},function(e)

                        Chrome Cache Entry: 86

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (2907)
                        Category:downloaded
                        Size (bytes):23298
                        Entropy (8bit):5.429186219736739
                        Encrypted:false
                        SSDEEP:384:+BitNeB9HVPQmqySWyvbbb/XEm6k1JTM2qzhOF0bCjOgiQBH2f+wl9nyf0zHwx:+BiHeB9Hecebbb/PONOFnjOgPBHgSywx
                        MD5:A5C41D7BA22E9CF451810802AE5AC2E8
                        SHA1:858F35134A0BD7BAECB1B1A30EC3645642214554
                        SHA-256:D29364A1E9EDE91152F2CB84962B73644741817C9C6A615C1FB70A885DD1CB8D
                        SHA-512:DEA28AD362B51832D33CD9E936C0A255FA32C20DFFC6E806DA7AAF657D3490AF079C40FE21E10B2FDC971EB066E51ABDA182DEDC156759CCE06440E456FEB316
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.xu.prototype.da=_.ca(40,function(){return _.tj(this,3)});_.cz=function(a,b){this.key=a;this.defaultValue=!1;this.flagName=b};_.cz.prototype.ctor=function(a){return typeof a==="boolean"?a:this.defaultValue};_.dz=function(){this.ka=!0;var a=_.xj(_.fk(_.Be("TSDtV",window),_.Cya),_.xu,1,_.sj())[0];if(a){var b={};for(var c=_.n(_.xj(a,_.Dya,2,_.sj())),d=c.next();!d.done;d=c.next()){d=d.value;var e=_.Lj(d,1).toString();switch(_.vj(d,_.yu)){case 3:b[e]=_.Jj(d,_.nj(d,_.yu,3));break;case 2:b[e]=_.Lj(d,_.nj(d,_.yu,2));break;case 4:b[e]=_.Mj(d,_.nj(d,_.yu,4));break;case 5:b[e]=_.Nj(d,_.nj(d,_.yu,5));break;case 6:b[e]=_.Rj(d,_.ff,6,_.yu);break;default:throw Error("jd`"+_.vj(d,_.yu));}}}else b={};this.ea=b;this.token=.a?a.da():null};_.dz.prototype.aa=function(a){if(!this.ka||a.key in this.ea)a=a.ctor(this.ea[a.key]);else if(_.Be("nQyAE",window)){var b=_.Fya(a.flagName);if(b===null)a=a.de

                        Chrome Cache Entry: 87

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (468)
                        Category:downloaded
                        Size (bytes):1858
                        Entropy (8bit):5.297658905867848
                        Encrypted:false
                        SSDEEP:48:o7vjoGL3AeFkphnpiu7cOyBfO/3d/rYrv3Zrw:ofrLxFuLdyp2AVw
                        MD5:B42DB3D22B12B8E3BE1B82961FE2870E
                        SHA1:D9CFD11C1C2DE17A7E9301F11AD875B610B96576
                        SHA-256:75DC40A81CEACB57940F84D2B29E021974C3004B245CC7198362CA944E9C4058
                        SHA-512:EC0708797586F8F85EC8A0BBECA707D73778D93C12986B92965D1828B254D39485926354AEC4D73474BC5755E392B813D8045B19369FAE23B30BBD12E17F7053
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("iAskyc");._.QZ=function(a){_.W.call(this,a.Fa);this.window=a.Ea.window.get();this.Mc=a.Ea.Mc};_.J(_.QZ,_.W);_.QZ.Ba=function(){return{Ea:{window:_.tu,Mc:_.HE}}};_.QZ.prototype.Po=function(){};_.QZ.prototype.addEncryptionRecoveryMethod=function(){};_.RZ=function(a){return(a==null?void 0:a.Jo)||function(){}};_.SZ=function(a){return(a==null?void 0:a.r3)||function(){}};_.VPb=function(a){return(a==null?void 0:a.Qp)||function(){}};._.WPb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.XPb=function(a){setTimeout(function(){throw a;},0)};_.QZ.prototype.qO=function(){return!0};_.qu(_.Dn,_.QZ);._.l();._.k("ziXSP");.var j_=function(a){_.QZ.call(this,a.Fa)};_.J(j_,_.QZ);j_.Ba=_.QZ.Ba;j_.prototype.Po=function(a,b,c){var d;if((d=this.window.chrome)==nu

                        Chrome Cache Entry: 88

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (522)
                        Category:downloaded
                        Size (bytes):5050
                        Entropy (8bit):5.30005628600801
                        Encrypted:false
                        SSDEEP:96:o75BuBxJfma7bGZABddEgf8nI4zLm4KGo8Vh1EabPVTq8fv/xRw:WHMmaX9r8Igp7nBlHo
                        MD5:D9F15F1AEAF15673336FAA3507D1A2A7
                        SHA1:FC79D00AF2E2D44FEBA701F12ECD4AFCA327F464
                        SHA-256:AA3574ADCF3826390918BC2D5DCD88D7BC63238A6022DEF3487A67A731C30E7A
                        SHA-512:D756961B6BFC478274E390B94D613BD837DA011D680FC6D67779A8E12C7F082EF977FC15D02C076F92BC1D2CE7EFDE48F82B4EC1BD12CF38AEDDAB1917E36041
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.oNa=_.z("wg1P6b",[_.XA,_.Fn,_.Nn]);._.k("wg1P6b");.var f6a;f6a=_.mh(["aria-"]);._.yJ=function(a){_.X.call(this,a.Fa);this.Ka=this.xa=this.aa=this.viewportElement=this.Na=null;this.Jc=a.Ea.ef;this.ab=a.Ea.focus;this.Fc=a.Ea.Fc;this.ea=this.Qi();a=-1*parseInt(_.Fo(this.Qi().el(),"marginTop")||"0",10);var b=parseInt(_.Fo(this.Qi().el(),"marginBottom")||"0",10);this.Ta={top:a,right:0,bottom:b,left:0};a=_.cf(this.getData("isMenuDynamic"),!1);b=_.cf(this.getData("isMenuHoisted"),!1);this.Ga=a?1:b?2:0;this.ka=!1;this.Ca=1;this.Ga!==1&&(this.aa=this.Sa("U0exHf").children().Wc(0),_.ku(this,.g6a(this,this.aa.el())));_.oF(this.oa())&&(a=this.oa().el(),b=this.we.bind(this),a.__soy_skip_handler=b)};_.J(_.yJ,_.X);_.yJ.Ba=function(){return{Ea:{ef:_.cF,focus:_.OE,Fc:_.uu}}};_.yJ.prototype.IF=function(a){var b=a.source;this.Na=b;var c;((c=a.data)==null?0:c.qz)?(a=a.data.qz,this.Ca=a==="MOUS

                        Chrome Cache Entry: 89

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with no line terminators
                        Category:downloaded
                        Size (bytes):84
                        Entropy (8bit):4.875266466142591
                        Encrypted:false
                        SSDEEP:3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
                        MD5:87B6333E98B7620EA1FF98D1A837A39E
                        SHA1:105DE6815B0885357DE1414BFC0D77FCC9E924EF
                        SHA-256:DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
                        SHA-512:867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
                        Malicious:false
                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                        Preview:Cj0KBw0ZARP6GgAKKQ3oIX6GGgQISxgCKhwIClIYCg5AIS4jJF8qLSY/Ky8lLBABGP////8PCgcN05ioBxoA

                        Chrome Cache Entry: 90

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (395)
                        Category:downloaded
                        Size (bytes):1608
                        Entropy (8bit):5.271783084011668
                        Encrypted:false
                        SSDEEP:48:o726BiFP89yAxKz1TtMxII+eXww7D2bc+rw:oyMyAAz1WNd8vw
                        MD5:45EA91A811A594F81B7F760DD14BE237
                        SHA1:2C97782C6D5D0BCFB3676FF24AA1008251090DAE
                        SHA-256:7488FF4710E7592F66BE1FAC090F73CB8F1D2D0794B57DEAC1798C5B309EE76F
                        SHA-512:4F79A36857D5A8AF1E2F938EF92EA75C384DE4789972B068BE82EADAA442C538A65035CCE8665A7283137E2075B8FE4C1C9E7B2A36585491683B4869005B772A
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,ZDZcre,A7fCU"
                        Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("w9hDv");._.vg(_.Ila);_.iA=function(a){_.W.call(this,a.Fa);this.aa=a.Xa.cache};_.J(_.iA,_.W);_.iA.Ba=function(){return{Xa:{cache:_.gt}}};_.iA.prototype.execute=function(a){_.Bb(a,function(b){var c;_.$e(b)&&(c=b.eb.kc(b.kb));c&&this.aa.LG(c)},this);return{}};_.qu(_.Ola,_.iA);._.l();._.k("ZDZcre");.var jH=function(a){_.W.call(this,a.Fa);this.Xl=a.Ea.Xl;this.j4=a.Ea.metadata;this.aa=a.Ea.wt};_.J(jH,_.W);jH.Ba=function(){return{Ea:{Xl:_.OG,metadata:_.b_a,wt:_.LG}}};jH.prototype.execute=function(a){var b=this;a=this.aa.create(a);return _.Bb(a,function(c){var d=b.j4.getType(c.Od())===2?b.Xl.Rb(c):b.Xl.fetch(c);return _.Bl(c,_.PG)?d.then(function(e){return _.Dd(e)}):d},this)};_.qu(_.Tla,jH);._.l();._.k("K5nYTd");._.a_a=new _.pf(_.Pla);._.l();._.k("sP4Vbe");.._.l();._.k("kMFpHd");.._.l();._.k("A7fCU");.var RG=function(a){_.W.call(this,a.Fa);this.aa=a.Ea.yQ};_.J(RG,_.W);RG.Ba=func

                        Chrome Cache Entry: 91

                        Download File
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (5693)
                        Category:downloaded
                        Size (bytes):698375
                        Entropy (8bit):5.594847180822494
                        Encrypted:false
                        SSDEEP:6144:TN3KfgnkxgOYoRvEoQvSXwojVlmGa/ZLniy7ZkvgTa5PB1+UO5Hx+B8U2+:TUMkxgOENagFxniZU+
                        MD5:9CB39A9BED5FF75EEA0E5CDECB8173A2
                        SHA1:17221DDCEBFCDD26C01E6EB9A8FB51CFCDE716E8
                        SHA-256:37D3F108CC80806B0C46B3D6A2084E33E7370124D3B8AAEF55588370CFEBC014
                        SHA-512:8C07EC9BEB91B345B25280EFD158D77F8E4A6F889A9CDFDECF734C12EDAC2D2FC329EF5F72D5DBF7A795E24E5D77A30E4072F8547FCF80560655AB737ED4658E
                        Malicious:false
                        URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.PqO-Y4U4tl0.es5.O/ck=boq-identity.AccountsSignInUi.nq70RHujW6U.L.B1.O/am=xMFgKBimEQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGthBVGBSp-YI0QYkOxVUgN-__l4g/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                        Preview:"use strict";_F_installCss(".r4WGQb{position:relative}.Dl08I>:first-child{margin-top:0}.Dl08I>:last-child{margin-bottom:0}.IzwVE{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-family:\"Google Sans\",roboto,\"Noto Sans Myanmar UI\",arial,sans-serif;font-size:1.25rem;font-weight:400;letter-spacing:0rem;line-height:1.2}.l5PPKe{color:#1f1f1f;color:var(--gm3-sys-color-on-surface,#1f1f1f);font-size:1rem}.l5PPKe .dMNVAe{margin:0;padding:0}.l5PPKe>:first-child{margin-top:0;padding-top:0}.l5PPKe>:last-child{margin-bottom:0;padding-bottom:0}.Dl08I{margin:0;padding:0;position:relative}.Dl08I>.SmR8:only-child{padding-top:1px}.Dl08I>.SmR8:only-child::before{top:0}.Dl08I>.SmR8:not(first-child){padding-bottom:1px}.Dl08I>.SmR8::after{bottom:0}.Dl08I>.SmR8:only-child::before,.Dl08I>.SmR8::after{border-bottom:1px solid #c4c7c5;border-bottom:1px solid var(--gm3-sys-color-outline-variant,#c4c7c5);content:\"\";height:0;left:0;position:absolute;width:100%}.aZvCDf{margin-top:8px;margin-left

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):6.583825880911351
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:file.exe
                        File size:919'040 bytes
                        MD5:7c48ac18b5f61d158935baa710aef543
                        SHA1:530f21100245700e173b7a077127ce62d599e12f
                        SHA256:7fdae5877e963c0525542eccbebb5155807a45fd5741eb14b1a7d404ae465900
                        SHA512:bef36fd972a3882a89cc743faa0e1c6e2a8a80b66f528a33b76a94056fdc28257d2d7a53a0239ee78f339f343f664af1b5543687915f39354fe36d1954c1cc55
                        SSDEEP:24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8a4mK:dTvC/MTQYxsWR7a4
                        TLSH:C0159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                        File Icon

                        Icon Hash:aaf3e3e3938382a0

                        Static PE Info

                        General

                        Entrypoint:0x420577
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                        Time Stamp:0x66FF917A [Fri Oct 4 06:55:54 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:5
                        OS Version Minor:1
                        File Version Major:5
                        File Version Minor:1
                        Subsystem Version Major:5
                        Subsystem Version Minor:1
                        Import Hash:948cc502fe9226992dce9417f952fce3

                        Entrypoint Preview

                        Instruction
                        call 00007FCFD104BE33h
                        jmp 00007FCFD104B73Fh
                        push ebp
                        mov ebp, esp
                        push esi
                        push dword ptr [ebp+08h]
                        mov esi, ecx
                        call 00007FCFD104B91Dh
                        mov dword ptr [esi], 0049FDF0h
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        and dword ptr [ecx+04h], 00000000h
                        mov eax, ecx
                        and dword ptr [ecx+08h], 00000000h
                        mov dword ptr [ecx+04h], 0049FDF8h
                        mov dword ptr [ecx], 0049FDF0h
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        push dword ptr [ebp+08h]
                        mov esi, ecx
                        call 00007FCFD104B8EAh
                        mov dword ptr [esi], 0049FE0Ch
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        and dword ptr [ecx+04h], 00000000h
                        mov eax, ecx
                        and dword ptr [ecx+08h], 00000000h
                        mov dword ptr [ecx+04h], 0049FE14h
                        mov dword ptr [ecx], 0049FE0Ch
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        mov esi, ecx
                        lea eax, dword ptr [esi+04h]
                        mov dword ptr [esi], 0049FDD0h
                        and dword ptr [eax], 00000000h
                        and dword ptr [eax+04h], 00000000h
                        push eax
                        mov eax, dword ptr [ebp+08h]
                        add eax, 04h
                        push eax
                        call 00007FCFD104E4DDh
                        pop ecx
                        pop ecx
                        mov eax, esi
                        pop esi
                        pop ebp
                        retn 0004h
                        lea eax, dword ptr [ecx+04h]
                        mov dword ptr [ecx], 0049FDD0h
                        push eax
                        call 00007FCFD104E528h
                        pop ecx
                        ret
                        push ebp
                        mov ebp, esp
                        push esi
                        mov esi, ecx
                        lea eax, dword ptr [esi+04h]
                        mov dword ptr [esi], 0049FDD0h
                        push eax
                        call 00007FCFD104E511h
                        test byte ptr [ebp+08h], 00000001h
                        pop ecx

                        Rich Headers

                        Programming Language:
                        • [ C ] VS2008 SP1 build 30729
                        • [IMP] VS2008 SP1 build 30729

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x9bb8.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xde0000x7594.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc0xd40000x9bb80x9c00a8c3c3b91e21eb15e9da9b34b413180bFalse0.3167568108974359data5.332262511921004IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc0xde0000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_ICON0xd45a80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                        RT_ICON0xd46d00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                        RT_ICON0xd47f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                        RT_ICON0xd49200x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                        RT_ICON0xd4c080x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                        RT_ICON0xd4d300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                        RT_ICON0xd5bd80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                        RT_ICON0xd64800x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                        RT_ICON0xd69e80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                        RT_ICON0xd8f900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                        RT_ICON0xda0380x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                        RT_MENU0xda4a00x50dataEnglishGreat Britain0.9
                        RT_STRING0xda4f00x594dataEnglishGreat Britain0.3333333333333333
                        RT_STRING0xdaa840x68adataEnglishGreat Britain0.2735961768219833
                        RT_STRING0xdb1100x490dataEnglishGreat Britain0.3715753424657534
                        RT_STRING0xdb5a00x5fcdataEnglishGreat Britain0.3087467362924282
                        RT_STRING0xdbb9c0x65cdataEnglishGreat Britain0.34336609336609336
                        RT_STRING0xdc1f80x466dataEnglishGreat Britain0.3605683836589698
                        RT_STRING0xdc6600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                        RT_RCDATA0xdc7b80xe7edata1.002964959568733
                        RT_GROUP_ICON0xdd6380x76dataEnglishGreat Britain0.6610169491525424
                        RT_GROUP_ICON0xdd6b00x14dataEnglishGreat Britain1.25
                        RT_GROUP_ICON0xdd6c40x14dataEnglishGreat Britain1.15
                        RT_GROUP_ICON0xdd6d80x14dataEnglishGreat Britain1.25
                        RT_VERSION0xdd6ec0xdcdataEnglishGreat Britain0.6181818181818182
                        RT_MANIFEST0xdd7c80x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                        Imports

                        DLLImport
                        WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                        VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                        WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                        COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                        MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                        WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                        PSAPI.DLLGetProcessMemoryInfo
                        IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                        USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                        UxTheme.dllIsThemeActive
                        KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                        USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                        GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                        COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                        ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                        SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                        ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                        OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                        Possible Origin

                        Language of compilation systemCountry where language is spokenMap
                        EnglishGreat Britain

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 4, 2024 09:16:07.227569103 CEST49675443192.168.2.4173.222.162.32
                        Oct 4, 2024 09:16:12.526873112 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:12.526918888 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:12.526990891 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:12.527748108 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:12.527765036 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.184288979 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.184473038 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.184483051 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.185022116 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.185089111 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.186014891 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.186064959 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.186806917 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.186891079 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.187110901 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.187119007 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.242449045 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.466150045 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.466229916 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.466264009 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.466324091 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.474502087 CEST49730443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.474512100 CEST44349730142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.487835884 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.487890959 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:13.487957954 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.488213062 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:13.488234997 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.127104044 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.129477024 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.129547119 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.130198002 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.130291939 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.131206989 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.131282091 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.132431984 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.132540941 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.132594109 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.172202110 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.172276020 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.212403059 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.430113077 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.430143118 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.430223942 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:14.430315971 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.430383921 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.605408907 CEST49736443192.168.2.4142.250.185.238
                        Oct 4, 2024 09:16:14.605432034 CEST44349736142.250.185.238192.168.2.4
                        Oct 4, 2024 09:16:16.188988924 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.189035892 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.189093113 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.189323902 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.189341068 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.843838930 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.844250917 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.844295025 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.845815897 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.845879078 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.847044945 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.847135067 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.899198055 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:16.899240971 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:16.946034908 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:18.149226904 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.149265051 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:18.149327040 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.191438913 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.191473007 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:18.821413040 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:18.821517944 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.825488091 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.825520992 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:18.825845003 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:18.869750023 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.889931917 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:18.931415081 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.069421053 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.069519997 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.069690943 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.069788933 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.069854021 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.069854021 CEST49742443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.069880009 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.069900990 CEST4434974223.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.193705082 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.193747997 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.193877935 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.194268942 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.194288015 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.833209038 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.833534956 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.835510969 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.835531950 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.836342096 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.837805986 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:19.879431963 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:19.954258919 CEST49672443192.168.2.4173.222.162.32
                        Oct 4, 2024 09:16:19.954315901 CEST44349672173.222.162.32192.168.2.4
                        Oct 4, 2024 09:16:19.954545021 CEST49672443192.168.2.4173.222.162.32
                        Oct 4, 2024 09:16:19.954555035 CEST44349672173.222.162.32192.168.2.4
                        Oct 4, 2024 09:16:20.087331057 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:20.087532997 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:20.087587118 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:20.088493109 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:20.088515997 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:20.088526011 CEST49745443192.168.2.423.211.8.90
                        Oct 4, 2024 09:16:20.088532925 CEST4434974523.211.8.90192.168.2.4
                        Oct 4, 2024 09:16:20.330673933 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:20.330741882 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:20.330811024 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:20.332572937 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:20.332604885 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:21.119851112 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:21.120163918 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:21.123519897 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:21.123537064 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:21.123953104 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:21.164414883 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:21.924899101 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:21.971446991 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.060129881 CEST4972380192.168.2.493.184.221.240
                        Oct 4, 2024 09:16:22.065861940 CEST804972393.184.221.240192.168.2.4
                        Oct 4, 2024 09:16:22.065972090 CEST4972380192.168.2.493.184.221.240
                        Oct 4, 2024 09:16:22.190351963 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190419912 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190442085 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190562010 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.190562010 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.190637112 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190675974 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190716982 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.190736055 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190767050 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.190790892 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.190799952 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.190850973 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.518598080 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:22.518656969 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:22.518732071 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:22.520188093 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:22.520214081 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:22.877109051 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.877109051 CEST49750443192.168.2.44.175.87.197
                        Oct 4, 2024 09:16:22.877168894 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:22.877212048 CEST443497504.175.87.197192.168.2.4
                        Oct 4, 2024 09:16:23.158948898 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.159516096 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.159539938 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.159938097 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.160020113 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.160667896 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.160723925 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.161845922 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.161910057 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.162204981 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.162214041 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.214035988 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.481609106 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.481642962 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.481724024 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.481738091 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.481782913 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.481945992 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.481993914 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.487566948 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.487786055 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.494056940 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.494142056 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.494188070 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.494236946 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.500339985 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.500457048 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.506670952 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.506748915 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.506758928 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.506823063 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.570225000 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.570312023 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.570324898 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.570372105 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.571186066 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.571259975 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.577385902 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.577461004 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.577467918 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.577539921 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.584028959 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.584089994 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.590223074 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.590356112 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.590363979 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.596623898 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.596673965 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.596683979 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.602839947 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.602953911 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.602957010 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.603003979 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.603229046 CEST49760443192.168.2.4142.250.184.238
                        Oct 4, 2024 09:16:23.603244066 CEST44349760142.250.184.238192.168.2.4
                        Oct 4, 2024 09:16:23.638331890 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.638385057 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:23.639345884 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.639859915 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.639872074 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:23.686903000 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.686948061 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:23.687107086 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.687555075 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:23.687568903 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.313278913 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.313684940 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.313704967 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.314079046 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.314138889 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.314794064 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.314843893 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.316514015 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.316580057 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.316792011 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.352353096 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.353060007 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.353090048 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.353492975 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.353560925 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.354228973 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.354279995 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.359406948 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.368638992 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.368647099 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.412416935 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.413007975 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.413216114 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.413470030 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.413502932 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.463753939 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.611277103 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.611829996 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.611887932 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.611946106 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.611963034 CEST44349766216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.611978054 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.612103939 CEST49766443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.613121033 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.613219023 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.613328934 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.613491058 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.613526106 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.651509047 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.651869059 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.652038097 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.652089119 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.652106047 CEST44349765216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.652115107 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.652478933 CEST49765443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.652858973 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.652898073 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:24.652956963 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.653259039 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:24.653274059 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.313005924 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.313314915 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.313379049 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.313895941 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.313967943 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.314894915 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.314961910 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.315141916 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.315221071 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.315268040 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.315268040 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.315287113 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.341259003 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.341574907 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.341629028 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.342202902 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.342274904 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.343149900 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.343250990 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.343432903 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.343518019 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.343643904 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.343663931 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.343691111 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.369146109 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.369177103 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.384345055 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.384377956 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.415067911 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.529278994 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:25.534778118 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.536081076 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.536169052 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.536899090 CEST49773443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.536922932 CEST44349773216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.561362028 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.561471939 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.561688900 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.562367916 CEST49771443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:25.562418938 CEST44349771216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:25.571405888 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798290968 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798355103 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798402071 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798435926 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:25.798453093 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798507929 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:25.798515081 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798607111 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:25.798652887 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:25.799552917 CEST49740443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:16:25.799565077 CEST44349740142.250.181.228192.168.2.4
                        Oct 4, 2024 09:16:31.624578953 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:31.624619007 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:31.624902964 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:31.625978947 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:31.626002073 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.265072107 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.265304089 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.265321016 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.265685081 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.265955925 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.266016960 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.266098022 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.266115904 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.266149998 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.575788021 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.576416016 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:32.576497078 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.577620983 CEST49780443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:32.577639103 CEST44349780216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.621840954 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.621874094 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.622037888 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.622634888 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.622647047 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.918951035 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.918981075 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.919125080 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.919529915 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.919543982 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.920938015 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.920986891 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:54.921060085 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.921379089 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:54.921396971 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.286351919 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.286788940 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.286808968 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.288064003 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.288383961 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.288552999 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.288567066 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.288594961 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.288636923 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.336596012 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.557920933 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.558290958 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.558326960 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.558872938 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.558954000 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.559900999 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.559971094 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.560105085 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.560201883 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.560266018 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.560288906 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.560302019 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.564884901 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.565107107 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.565129042 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.566714048 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.567025900 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.567187071 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.567193985 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.567207098 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.567214012 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.590869904 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.591787100 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.591861010 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.592180014 CEST49781443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.592205048 CEST44349781216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.602802992 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.607481003 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.617758036 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.861283064 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.861782074 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.862010956 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.862227917 CEST49783443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.862248898 CEST44349783216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.864311934 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.865447998 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:55.865531921 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.865613937 CEST49782443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:16:55.865636110 CEST44349782216.58.206.46192.168.2.4
                        Oct 4, 2024 09:16:59.169466019 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.169502974 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.169686079 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.174242020 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.174271107 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.382246017 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:16:59.382369041 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:16:59.382467985 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:16:59.382947922 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:16:59.382987976 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:16:59.817564011 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.817636967 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.823098898 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.823113918 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.823520899 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.832978010 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.875427961 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.930605888 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.930639029 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.930661917 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.930705070 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.930742025 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:16:59.930763006 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:16:59.930799961 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.015665054 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.015686989 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.015778065 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.015790939 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.015834093 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.017426014 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.017445087 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.017498970 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.017505884 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.017559052 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.070462942 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.070554018 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.073465109 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.073498964 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.073915005 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.082551956 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.102530956 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.102571964 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.102617025 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.102665901 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.102683067 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.102714062 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.102969885 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.102992058 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.103032112 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.103040934 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.103065968 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.103097916 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.103756905 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.103781939 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.103821039 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.103830099 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.103857040 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.103888035 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.104614973 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.104636908 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.104676962 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.104686022 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.104703903 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.104722977 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.127413034 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.189935923 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.189971924 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190114975 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190151930 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.190186977 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190207005 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.190836906 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190855980 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190898895 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.190911055 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.190927982 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.191329002 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.191351891 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.191392899 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.191401005 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.191418886 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.192249060 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.192266941 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.192310095 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.192322016 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.192336082 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.192960978 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.192984104 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193012953 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193022013 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193036079 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193205118 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193262100 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193270922 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193289995 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193319082 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193355083 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193392992 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193408966 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.193422079 CEST49784443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.193428993 CEST4434978413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.229470968 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.229504108 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.229587078 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.231404066 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.231450081 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.231499910 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.231528044 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.231564999 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.231583118 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.231587887 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.232498884 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.232532978 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.232578039 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.232660055 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.232660055 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.232835054 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.233122110 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.233138084 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.233141899 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.233186960 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.233611107 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.233618975 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.233678102 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.233762980 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.233769894 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.337081909 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337111950 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337220907 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337258101 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337349892 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337390900 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337414980 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337522984 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337596893 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337613106 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337682962 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337838888 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337896109 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.337898016 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.337970018 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.343238115 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.343272924 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.343297958 CEST49785443192.168.2.4172.202.163.200
                        Oct 4, 2024 09:17:00.343319893 CEST44349785172.202.163.200192.168.2.4
                        Oct 4, 2024 09:17:00.871483088 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.872174978 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.872210026 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.872585058 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.872613907 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.873790979 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.874079943 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.874109983 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.874357939 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.874363899 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.879528046 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.879837990 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.879861116 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.879885912 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.879903078 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.880058050 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.880063057 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.880148888 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.880213022 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.880341053 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.880386114 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.880592108 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.880650043 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.881001949 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.881015062 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.971044064 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.971210003 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.971425056 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.971471071 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.971471071 CEST49787443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.971493959 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.971508980 CEST4434978713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973227024 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973262072 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973349094 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.973371983 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973613977 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.973615885 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973634005 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.973647118 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973654032 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.973681927 CEST49789443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.973689079 CEST4434978913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.975078106 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.975172043 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.976207972 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.976269960 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.976363897 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.976367950 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.976392031 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.976491928 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.976624966 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.976649046 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981544018 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981551886 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981611967 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981612921 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981641054 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981698036 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981739998 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981748104 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981755972 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981780052 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981837034 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981844902 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981837034 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981923103 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981933117 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981945992 CEST49790443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981951952 CEST4434979013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.981982946 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.981995106 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.982043982 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.982187986 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.982229948 CEST4434978613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.982292891 CEST49786443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.982789040 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.982839108 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.982873917 CEST49788443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.982891083 CEST4434978813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.985259056 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.985354900 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.985455990 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.985816002 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.985838890 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.985924959 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.985985994 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.986021042 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.986136913 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.986161947 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.986222029 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.986311913 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:00.986408949 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.986555099 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:00.986594915 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.618428946 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.633259058 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.638288975 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.647403955 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.653928995 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.660697937 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.660732031 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.660761118 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.661140919 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.661185980 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.661596060 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.661596060 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.661617994 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.661650896 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.661950111 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.661959887 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.662247896 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.662270069 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.662427902 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.662436008 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.662676096 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.662691116 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.662782907 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.662790060 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.663450003 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.663455963 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.757803917 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.757994890 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.758085966 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.758169889 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.758321047 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.758344889 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.758421898 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.758419991 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.758476973 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.760761976 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.760838032 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.760884047 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.762223959 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.762299061 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.762343884 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.832148075 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.832148075 CEST49795443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.832221031 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.832257986 CEST4434979513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.839997053 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.840027094 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.840054035 CEST49792443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.840070009 CEST4434979213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.863677025 CEST49793443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.863748074 CEST4434979313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.864850998 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.864850998 CEST49791443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.864898920 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.864938974 CEST4434979113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.865598917 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.865600109 CEST49794443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.865636110 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.865663052 CEST4434979413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.895853996 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.895889997 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.895957947 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.904979944 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.905035019 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.905105114 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.906028986 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.906039000 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.906092882 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.906825066 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.906838894 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.906894922 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.907942057 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.907994032 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.908052921 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.909502983 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.909535885 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.909631968 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.909646988 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.910039902 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.910056114 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.910343885 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.910355091 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:01.910900116 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:01.910912037 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.487467051 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.488130093 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.488162994 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.488543987 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.488550901 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.491993904 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.492305994 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.492336035 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.492665052 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.492672920 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.572101116 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.572530031 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.572551012 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.572989941 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.572997093 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.575588942 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.575908899 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.575916052 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.576235056 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.576240063 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.588244915 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.588309050 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.588370085 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.588500977 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.588524103 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.588540077 CEST49800443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.588547945 CEST4434980013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.590645075 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.591017962 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.591027975 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.591114998 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.591190100 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.591274977 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.591439962 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.591439962 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.591447115 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.591476917 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.592297077 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.592441082 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.592529058 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.592714071 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.592740059 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.592753887 CEST49796443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.592761993 CEST4434979613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.595177889 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.595201015 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.595289946 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.595451117 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.595478058 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.670053005 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.670218945 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.670284986 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.670350075 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.670382977 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.670398951 CEST49797443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.670406103 CEST4434979713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.673240900 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.673305035 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.673383951 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.673528910 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.673552036 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.676578045 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.676651955 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.676702023 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.676767111 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.676773071 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.676809072 CEST49798443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.676814079 CEST4434979813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.679302931 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.679325104 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.679410934 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.679632902 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.679649115 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.717830896 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.717924118 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.717978954 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.718040943 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.718060970 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.718074083 CEST49799443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.718080997 CEST4434979913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.719866991 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.719902039 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:02.719974041 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.720081091 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:02.720102072 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.237616062 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.238071918 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.238125086 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.238507032 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.238519907 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.264264107 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.264785051 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.264802933 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.265062094 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.265073061 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.327313900 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.327832937 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.327867985 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.328155994 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.328162909 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.328972101 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.329294920 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.329312086 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.329678059 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.329683065 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.337001085 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.337081909 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.337142944 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.337764025 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.337801933 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.337830067 CEST49801443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.337846041 CEST4434980113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.340262890 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.340282917 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.340372086 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.340471029 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.340477943 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.364283085 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.364340067 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.364407063 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.364542007 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.364562035 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.364586115 CEST49802443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.364598036 CEST4434980213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.366955042 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.366988897 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.367057085 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.367266893 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.367280006 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.373178005 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.373547077 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.373579979 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.373965979 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.373972893 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.425463915 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.425672054 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.425749063 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.425847054 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.425873995 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.425889969 CEST49803443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.425899982 CEST4434980313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.429090023 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.429136992 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.429250002 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.429373980 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.429394007 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.456281900 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.456427097 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.456645966 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.456646919 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.457587957 CEST49804443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.457613945 CEST4434980413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.459363937 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.459414959 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.459482908 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.459611893 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.459625959 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.473057032 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.473133087 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.473211050 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.473289013 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.473306894 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.473345995 CEST49805443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.473354101 CEST4434980513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.475431919 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.475444078 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:03.475526094 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.475667953 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:03.475680113 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.002866983 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.003370047 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.003403902 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.003948927 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.003953934 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.044997931 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.046031952 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.046066999 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.046376944 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.046384096 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.083762884 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.084378004 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.084413052 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.084732056 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.084738970 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.117116928 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.117275953 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.117341995 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.117630959 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.117649078 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.117660046 CEST49807443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.117666006 CEST4434980713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.120111942 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.120145082 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.120222092 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.120362997 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.120377064 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.144931078 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.148094893 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.148113966 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.148565054 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.148570061 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.150576115 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.150651932 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.150719881 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.152234077 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.152252913 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.152271986 CEST49806443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.152278900 CEST4434980613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.153512955 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.154731989 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.154814005 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.154993057 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.155009031 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.155036926 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.155488968 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.155493975 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.155692101 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.155726910 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.185014009 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.185158968 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.185292006 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.245465994 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.245548010 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.245614052 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.259696007 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.259768963 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.259862900 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.299148083 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.299170971 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.299272060 CEST49808443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.299280882 CEST4434980813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.308237076 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.308252096 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.308262110 CEST49810443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.308265924 CEST4434981013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.318474054 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.318479061 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.318532944 CEST49809443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.318536043 CEST4434980913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.346971035 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.347065926 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.347167015 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.347459078 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.347497940 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.348119020 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.348130941 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.348190069 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.381939888 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.382006884 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.382055044 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.382093906 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.382153988 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.382534027 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.382572889 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.758655071 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.759413958 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.759449005 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.759777069 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.759784937 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.830883026 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.831427097 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.831470013 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.831726074 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.831738949 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.859319925 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.859503031 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.859616041 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.859774113 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.859774113 CEST49811443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.859798908 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.859812975 CEST4434981113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.862318039 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.862364054 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.862484932 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.862621069 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.862637997 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.935703039 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.935791016 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.935929060 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.935973883 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.935973883 CEST49812443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.935992956 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.936005116 CEST4434981213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.938333988 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.938371897 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:04.938462973 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.938574076 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:04.938587904 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.014672041 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.015902996 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.015970945 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.016294003 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.016310930 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.020093918 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.021830082 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.021884918 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.022186041 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.022200108 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.045380116 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.045836926 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.045870066 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.046207905 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.046233892 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.137713909 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.137862921 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.138041973 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.138098001 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.138098001 CEST49813443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.138137102 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.138161898 CEST4434981313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.138720989 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.138792038 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.138848066 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.138943911 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.138986111 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.139012098 CEST49815443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.139029026 CEST4434981513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.140739918 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.140794039 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.140842915 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.140858889 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.140880108 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.140933990 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.140984058 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.141005993 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.141077995 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.141097069 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.147051096 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.147138119 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.147195101 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.147227049 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.147227049 CEST49814443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.147243977 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.147264004 CEST4434981413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.149329901 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.149388075 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.149467945 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.149604082 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.149636030 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.505990028 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.506726027 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.506758928 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.507107019 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.507112980 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.586194992 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.586606979 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.586631060 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.587418079 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.587424040 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.605107069 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.605262041 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.605324030 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.605392933 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.605413914 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.605427027 CEST49816443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.605434895 CEST4434981613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.607862949 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.607920885 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.608006954 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.608110905 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.608124018 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.720052004 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.720129967 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.720187902 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.720312119 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.720330000 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.720355988 CEST49817443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.720370054 CEST4434981713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.723098040 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.723140955 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.723215103 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.723336935 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.723356962 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.796168089 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.796675920 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.796717882 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.797259092 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.797267914 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.799346924 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.799700975 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.799732924 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.800167084 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.800180912 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.817043066 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.817466974 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.817488909 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.817766905 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.817775011 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.897663116 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.897735119 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.897922993 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.898019075 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.898041010 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.898055077 CEST49818443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.898062944 CEST4434981813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.900742054 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.900813103 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.900863886 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.900974989 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.901000023 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.901016951 CEST49820443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.901026011 CEST4434982013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.902158976 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.902189016 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.902251959 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.902396917 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.902407885 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.903346062 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.903357983 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.903420925 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.903592110 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.903606892 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.923799038 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.923883915 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.924036026 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.924073935 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.924074888 CEST49819443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.924092054 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.924103022 CEST4434981913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.926161051 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.926206112 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:05.926295042 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.926424026 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:05.926439047 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.467596054 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.469548941 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.476221085 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.476255894 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.476739883 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.476747990 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.477035999 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.477051020 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.477390051 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.477396011 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.584877014 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.584935904 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.585032940 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.585222006 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.585243940 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.585257053 CEST49822443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.585264921 CEST4434982213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.587975979 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.588001966 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.588076115 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.588196993 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.588206053 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.590749025 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.590888977 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.590945959 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.590972900 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.590979099 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.591012001 CEST49821443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.591017008 CEST4434982113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.592704058 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.592777967 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.592860937 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.592961073 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.592987061 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.656564951 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.657087088 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.657123089 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.657928944 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.664947987 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.664959908 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.666085005 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.666110039 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.666214943 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.666553020 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.666560888 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.686202049 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.686235905 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.686688900 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.686700106 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.759479046 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.759635925 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.759748936 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.762269020 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.762351036 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.762407064 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.786329031 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.786499023 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.786566019 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.835764885 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.835766077 CEST49823443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.835798025 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.835824013 CEST4434982313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.837323904 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.837323904 CEST49825443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.837378025 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.837398052 CEST4434982513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.842977047 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.842977047 CEST49824443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.842993975 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.843014956 CEST4434982413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.846918106 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.846959114 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.847043991 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.847784042 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.847881079 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.847914934 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.847935915 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.847961903 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.848016977 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.848028898 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.848036051 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.848228931 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.848257065 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:06.848325014 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:06.848351955 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.255245924 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.255819082 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.255863905 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.256223917 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.256231070 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.273838997 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.274259090 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.274323940 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.274611950 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.274626017 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.357281923 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.357350111 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.357512951 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.357625961 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.357654095 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.357670069 CEST49826443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.357677937 CEST4434982613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.360688925 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.360744953 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.360862970 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.361030102 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.361057043 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.378555059 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.378704071 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.378777981 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.378835917 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.378835917 CEST49827443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.378871918 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.378895998 CEST4434982713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.381395102 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.381448030 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.381553888 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.381685019 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.381704092 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.487433910 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.488135099 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.488179922 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.489763021 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.489770889 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.492990971 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.495786905 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.495815992 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.495901108 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.497251034 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.497261047 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.498269081 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.498279095 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.498812914 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.498823881 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.585968018 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.586117983 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.586214066 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.586298943 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.586348057 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.586385012 CEST49829443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.586400986 CEST4434982913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.589251041 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.589337111 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.589484930 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.589639902 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.589675903 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.592480898 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.592639923 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.592699051 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.592732906 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.592751026 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.592766047 CEST49828443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.592772007 CEST4434982813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.595119953 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.595143080 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.595216036 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.595350027 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.595374107 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.596330881 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.596407890 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.596466064 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.596657991 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.596658945 CEST49830443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.596688032 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.596712112 CEST4434983013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.598742962 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.598786116 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:07.598846912 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.598984957 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:07.599001884 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.034513950 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.035139084 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.035187006 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.035756111 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.035765886 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.059078932 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.059567928 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.059591055 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.060058117 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.060096025 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.141168118 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.141308069 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.141483068 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.141561985 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.141585112 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.141604900 CEST49831443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.141613007 CEST4434983113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.144967079 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.145024061 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.145111084 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.145347118 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.145375967 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.165246010 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.165421963 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.165509939 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.165689945 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.165709972 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.165723085 CEST49832443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.165730953 CEST4434983213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.169310093 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.169343948 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.169423103 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.169585943 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.169600010 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.255934954 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.256633997 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.256650925 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.257209063 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.257215023 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.259677887 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.260173082 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.260209084 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.260763884 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.260777950 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.272830009 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.273264885 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.273279905 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.273878098 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.273905993 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.357822895 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.357898951 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.357964039 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.358130932 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.358149052 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.358160973 CEST49835443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.358166933 CEST4434983513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.362498045 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.362539053 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.362611055 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.362838030 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.362854004 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.362951040 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.363082886 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.363146067 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.363203049 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.363246918 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.363275051 CEST49833443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.363291025 CEST4434983313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.366132975 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.366200924 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.366286993 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.366462946 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.366489887 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.374979019 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.375190020 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.375266075 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.375344038 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.375356913 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.375401020 CEST49834443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.375412941 CEST4434983413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.378180027 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.378243923 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.378329992 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.378514051 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.378546953 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.815779924 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.816339016 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.816365957 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.816796064 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.816804886 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.835077047 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.835483074 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.835500956 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.835872889 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.835877895 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.920070887 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.920222044 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.920300007 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.920406103 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.920433044 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.920454025 CEST49836443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.920463085 CEST4434983613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.923219919 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.923325062 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.923511982 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.923631907 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.923666000 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.943820000 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.943883896 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.943958044 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.944067955 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.944083929 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.944094896 CEST49837443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.944098949 CEST4434983713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.948016882 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.948054075 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:08.948132038 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.948261023 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:08.948278904 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.011169910 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.011873007 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.011900902 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.012137890 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.012161970 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.018908978 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.019254923 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.019328117 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.019644976 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.019660950 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.035734892 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.036205053 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.036226034 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.037348986 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.037353992 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.113158941 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.113215923 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.113297939 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.113480091 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.113516092 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.113527060 CEST49838443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.113532066 CEST4434983813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.116605997 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.116689920 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.116817951 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.116974115 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.117010117 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.118916988 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.119075060 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.119153976 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.119199038 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.119199038 CEST49840443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.119225025 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.119246960 CEST4434984013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.121706009 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.121741056 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.121817112 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.121959925 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.121978045 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.142126083 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.142260075 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.142324924 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.142410994 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.142438889 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.142455101 CEST49839443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.142466068 CEST4434983913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.144474983 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.144515038 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.144586086 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.144701004 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.144718885 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.584044933 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.586419106 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.586447954 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.587153912 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.587161064 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.605074883 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.605510950 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.605530024 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.606057882 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.606064081 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.684623003 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.684782982 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.684847116 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.684895039 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.684919119 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.684937954 CEST49842443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.684946060 CEST4434984213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.687598944 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.687673092 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.687758923 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.687903881 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.687937021 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.710117102 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.710278034 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.710341930 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.710376978 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.710393906 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.710407019 CEST49841443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.710413933 CEST4434984113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.713022947 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.713074923 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.713160992 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.713284016 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.713299036 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.756032944 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.756434917 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.756470919 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.756905079 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.756911039 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.777079105 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.777431965 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.777487040 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.777803898 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.777817965 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.787632942 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.787914991 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.787946939 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.788239002 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.788245916 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.856723070 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.856878042 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.856960058 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.857093096 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.857132912 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.857204914 CEST49843443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.857223034 CEST4434984313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.859689951 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.859729052 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.859808922 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.859922886 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.859937906 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.880162954 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.880261898 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.880321980 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.880428076 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.880469084 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.880496979 CEST49845443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.880512953 CEST4434984513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.882869959 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.882915020 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.885201931 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.885201931 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.885241985 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.889725924 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.889877081 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.889971972 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.890038013 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.890064001 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.890115023 CEST49844443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.890130043 CEST4434984413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.892669916 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.892682076 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.893589020 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.893589020 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:09.893613100 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:09.923026085 CEST4972480192.168.2.493.184.221.240
                        Oct 4, 2024 09:17:09.928571939 CEST804972493.184.221.240192.168.2.4
                        Oct 4, 2024 09:17:09.928647995 CEST4972480192.168.2.493.184.221.240
                        Oct 4, 2024 09:17:10.327636003 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.328377962 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.328424931 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.328917027 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.328926086 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.368809938 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.369600058 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.369640112 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.370192051 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.370198965 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.428587914 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.428775072 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.428891897 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.429086924 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.429130077 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.429167986 CEST49846443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.429183960 CEST4434984613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.432564020 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.432606936 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.432701111 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.432857990 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.432873011 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.471122980 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.471337080 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.471429110 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.471590042 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.471612930 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.471628904 CEST49847443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.471637011 CEST4434984713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.475089073 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.475136042 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.475263119 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.475467920 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.475486994 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.509130001 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.509601116 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.509624958 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.510207891 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.510220051 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.519087076 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.519448042 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.519463062 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.520006895 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.520035028 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.540256023 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.540687084 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.540720940 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.541325092 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.541342974 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.610229969 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.610383034 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.610476971 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.610596895 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.610610008 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.610620022 CEST49848443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.610625029 CEST4434984813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.613560915 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.613612890 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.613704920 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.613863945 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.613882065 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.618473053 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.618566036 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.618623972 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.618757010 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.618777990 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.618788958 CEST49849443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.618794918 CEST4434984913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.621527910 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.621551037 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.621665955 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.621819019 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.621831894 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.639468908 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.639621973 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.639714956 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.639765978 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.639781952 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.639797926 CEST49850443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.639802933 CEST4434985013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.642525911 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.642617941 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:10.642729044 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.642940044 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:10.642976046 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.112689018 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.119712114 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.119741917 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.120310068 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.120316982 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.158514977 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.183971882 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.184009075 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.184417009 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.184427023 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.225174904 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.225349903 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.225418091 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.225598097 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.225630999 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.225645065 CEST49851443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.225651026 CEST4434985113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.229271889 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.229300976 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.229387045 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.237308025 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.237320900 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.262407064 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.263114929 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.286106110 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.286187887 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.286271095 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.309376001 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.310569048 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.310569048 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.353916883 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.386806965 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.386837959 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.387422085 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.387428045 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.387739897 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.387748003 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.388292074 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.388298035 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.388592958 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.388626099 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.388668060 CEST49852443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.388676882 CEST4434985213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.390225887 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.390234947 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.390794992 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.390799999 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.396219969 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.396270037 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.396359921 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.396457911 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.396469116 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.486320019 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.486402035 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.486444950 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.486479998 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.486521959 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.486576080 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.490272045 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.490288019 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.490303993 CEST49854443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.490314007 CEST4434985413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.490426064 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.490505934 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.490564108 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.491637945 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.491643906 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.491664886 CEST49853443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.491669893 CEST4434985313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.492343903 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.492372036 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.492387056 CEST49855443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.492393970 CEST4434985513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.496774912 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.496817112 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.497122049 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.497440100 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.497454882 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.497849941 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.497884035 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.497951031 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.498049974 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.498058081 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.498615026 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.498636961 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:11.498720884 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.498811960 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:11.498823881 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.129333019 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.129973888 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.130062103 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.130472898 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.130487919 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.132920980 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.133321047 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.133342981 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.133671045 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.133677006 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.135287046 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.135626078 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.135633945 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.135951042 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.135956049 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.139818907 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.140203953 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.140249014 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.140541077 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.140551090 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.149549961 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.149933100 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.149956942 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.150279045 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.150286913 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.227746010 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.227797985 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.227865934 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.228148937 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.228176117 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.228192091 CEST49860443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.228199959 CEST4434986013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.231549025 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.231632948 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.231746912 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.231947899 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.231983900 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.238864899 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.239026070 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.239104033 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.239151955 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.239176989 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.239192009 CEST49859443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.239200115 CEST4434985913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.241317034 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.241345882 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.241434097 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.241594076 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.241611958 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.241894007 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.241945028 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.241995096 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.242167950 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.242186069 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.242219925 CEST49857443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.242227077 CEST4434985713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.244482040 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.244524956 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.244602919 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.244751930 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.244770050 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.250237942 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.250452042 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.250521898 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.250580072 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.250586033 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.250598907 CEST49858443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.250603914 CEST4434985813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.252816916 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.252857924 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.252954006 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.253108978 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.253122091 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.254657984 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.254818916 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.254878998 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.254921913 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.254930019 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.254944086 CEST49856443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.254949093 CEST4434985613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.257158995 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.257169008 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.257241964 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.257386923 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.257399082 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.867636919 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.868407011 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.868469954 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.869127989 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.869142056 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.892467022 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.893218994 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.893270016 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.893861055 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.893893003 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.898036957 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.898509979 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.898534060 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.899442911 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.899449110 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.908205032 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.908767939 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.908808947 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.909302950 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.909312010 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.967508078 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.967530012 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.967643976 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.967678070 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.967916965 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.967931032 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.967978001 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.968007088 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.968007088 CEST49862443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.968029022 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.968048096 CEST4434986213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.971498013 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.971550941 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.971709967 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.971908092 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.971937895 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.993153095 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.993280888 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.993350983 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.993592024 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.993613958 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.993639946 CEST49864443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.993653059 CEST4434986413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.996900082 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.996934891 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:12.997044086 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.997215033 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:12.997231960 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.001280069 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.001333952 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.001395941 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.001426935 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.001878977 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.001938105 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.002051115 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.002065897 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.002080917 CEST49865443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.002087116 CEST4434986513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.009772062 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.009864092 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.009967089 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.010137081 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.010165930 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.011847019 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.011986971 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.012080908 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.012166977 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.012166977 CEST49863443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.012213945 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.012244940 CEST4434986313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.014635086 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.014671087 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.014756918 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.014914036 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.014941931 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.618240118 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.620837927 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.620872021 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.621520996 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.621527910 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.655354977 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.656009912 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.656068087 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.656675100 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.656689882 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.658694983 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.659071922 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.659105062 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.659610987 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.659619093 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.688694954 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.689296961 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.689330101 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.689867020 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.689881086 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.719230890 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.719265938 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.719331980 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.719331980 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.719422102 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.720702887 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.720757961 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.720792055 CEST49867443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.720812082 CEST4434986713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.753336906 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.753792048 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.753890991 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.761373043 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.761526108 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.761604071 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.772463083 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.791317940 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.791812897 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.791893005 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.823015928 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.881764889 CEST49870443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.881794930 CEST4434987013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.885241032 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.885279894 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.885297060 CEST49868443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.885307074 CEST4434986813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.889863014 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.889893055 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.891212940 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.891246080 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.891674042 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.891700029 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.891712904 CEST49869443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.891721964 CEST4434986913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.985833883 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.985856056 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.985963106 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.985994101 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.986049891 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:13.986057997 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:13.986115932 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.037228107 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.037281990 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.037369013 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.120778084 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.120820045 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.120855093 CEST49866443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.120865107 CEST4434986613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.129735947 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.129776001 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.153904915 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.153958082 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.154031038 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.155570030 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.155615091 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.155693054 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.155817986 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.155827045 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.155879974 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.156018019 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.156028032 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.156155109 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.156172991 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.156404018 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.156414032 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.160108089 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.160131931 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.160196066 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.160357952 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.160372019 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.771425009 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.776026964 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.776058912 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.776676893 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.776683092 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.792263031 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.792639971 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.793121099 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.793210030 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.793976068 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.793992043 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.794516087 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.794559002 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.795155048 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.795164108 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.800957918 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.801567078 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.801599979 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.802484989 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.802496910 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.828810930 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.829705000 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.829727888 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.830368996 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.830373049 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.871777058 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.871906996 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.871977091 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.872200012 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.872221947 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.872236967 CEST49871443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.872241974 CEST4434987113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.876452923 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.876493931 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.876578093 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.876796007 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.876810074 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891145945 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891227961 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891290903 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891447067 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891722918 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891722918 CEST49874443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891750097 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891752005 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891767025 CEST4434987413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891844988 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891930103 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891954899 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.891968966 CEST49872443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.891977072 CEST4434987213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.895673037 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.895715952 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.895750046 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.895757914 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.895802975 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.895847082 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.896035910 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.896035910 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.896049976 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.896063089 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.899666071 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.899923086 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.899991989 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.900053024 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.900068998 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.900091887 CEST49873443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.900099039 CEST4434987313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.903094053 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.903137922 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.903220892 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.903413057 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.903429985 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.931534052 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.931716919 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.931849003 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.932012081 CEST49875443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.932049036 CEST4434987513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.936163902 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.936232090 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:14.936347961 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.936557055 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:14.936577082 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.507939100 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.511708021 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.511728048 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.512360096 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.512366056 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.540210009 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.544836998 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.544847965 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.545583963 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.545589924 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.548271894 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.548721075 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.548744917 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.549223900 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.549231052 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.555507898 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.557195902 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.557215929 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.558062077 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.558069944 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.580518961 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.581489086 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.581532001 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.581789017 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.581800938 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.619477034 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.619571924 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.619833946 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.620018005 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.620043993 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.620090008 CEST49876443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.620099068 CEST4434987613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.623910904 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.623974085 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.624070883 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.624272108 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.624289036 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.640898943 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.641129971 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.641239882 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.641566038 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.641566038 CEST49879443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.641581059 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.641592026 CEST4434987913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.645740032 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.645790100 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.645895004 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.646126986 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.646145105 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.648494959 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.648644924 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.649389982 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.649432898 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.649456024 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.649471998 CEST49877443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.649480104 CEST4434987713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.655544043 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.655599117 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.655714035 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.656610012 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.656630993 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.660404921 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.660474062 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.660522938 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.660583019 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.660653114 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.660917044 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.660947084 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.660970926 CEST49878443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.660979033 CEST4434987813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.665977955 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.666024923 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.666152000 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.666359901 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.666376114 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.680947065 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.681026936 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.681145906 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.681176901 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.681241989 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.681552887 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.681595087 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.681617975 CEST49880443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.681627989 CEST4434988013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.685733080 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.685827971 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:15.685985088 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.686214924 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:15.686253071 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.244215012 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:16.244277954 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.244368076 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:16.244688988 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:16.244703054 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.276997089 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.277617931 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.277658939 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.278269053 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.278275013 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.312834978 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.313354015 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.313400984 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.313921928 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.313931942 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.317887068 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.318295956 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.318334103 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.318733931 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.318742037 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.320096970 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.320405006 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.320427895 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.321095943 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.321100950 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.322138071 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.322494030 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.322527885 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.322993994 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.322999001 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.379623890 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.380330086 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.380588055 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.380588055 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.380588055 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.383420944 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.383459091 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.383531094 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.383896112 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.383907080 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.413177967 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.413219929 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.413273096 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.413335085 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.413367033 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.413604975 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.413621902 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.413642883 CEST49884443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.413649082 CEST4434988413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.416486025 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.416498899 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.416569948 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.416733027 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.416745901 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.420856953 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.421070099 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.421123981 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.421168089 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.421168089 CEST49885443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.421183109 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.421190977 CEST4434988513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.423276901 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.423300028 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.423397064 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.423501968 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.423511982 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.424295902 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.424550056 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.424612045 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.424669981 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.424690962 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.424710989 CEST49882443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.424717903 CEST4434988213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.426701069 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.426714897 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.426776886 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.426889896 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.426899910 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.472567081 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.472708941 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.472817898 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.498744011 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.498790979 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.498811960 CEST49883443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.498822927 CEST4434988313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.541703939 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.541778088 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.541867018 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.542022943 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.542042017 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.695557117 CEST49881443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:16.695607901 CEST4434988113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:16.878509998 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.878824949 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:16.878844023 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.879301071 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.879821062 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:16.879908085 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:16.929970026 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:17.051675081 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.052381039 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.052423954 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.052536964 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.052778959 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.052791119 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.052810907 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.052824020 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.053355932 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.053363085 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.062721968 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.063107014 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.063134909 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.063615084 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.063628912 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.076081038 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.076442957 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.076461077 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.076850891 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.076862097 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.150583029 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.150810957 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.150942087 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.150995016 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.150995016 CEST49888443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.151020050 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.151036024 CEST4434988813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.154062986 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.154108047 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.154192924 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.154356956 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.154371023 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.154907942 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.155076981 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.155127048 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.155188084 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.155194998 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.155209064 CEST49887443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.155215025 CEST4434988713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.157267094 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.157303095 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.157370090 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.157485008 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.157501936 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.160345078 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.160490036 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.160540104 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.160542011 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.160593033 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.160634995 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.160655022 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.160667896 CEST49889443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.160675049 CEST4434988913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.163036108 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.163063049 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.163292885 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.163292885 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.163357019 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.176922083 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.177079916 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.177211046 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.178014994 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.178015947 CEST49890443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.178065062 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.178098917 CEST4434989013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.181951046 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.181988955 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.182061911 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.182374001 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.182389021 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.197253942 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.197774887 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.197812080 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.198329926 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.198338985 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.298542976 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.298578024 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.298630953 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.298644066 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.298705101 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.299048901 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.299072027 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.299088001 CEST49891443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.299096107 CEST4434989113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.302920103 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.302963018 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:17.303051949 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.303225994 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:17.303237915 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.152548075 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.152672052 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153142929 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.153166056 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153165102 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.153198957 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153650999 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.153659105 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153681993 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153718948 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.153728962 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.153945923 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.153954029 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.154369116 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.154373884 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.154520988 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.154792070 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.154807091 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.155133009 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.155172110 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.155179024 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.155419111 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.155440092 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.155795097 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.155802965 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.252578974 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.252691984 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.252772093 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.252913952 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253089905 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253114939 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253130913 CEST49893443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253139019 CEST4434989313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253149986 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253196001 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253251076 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253283024 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253303051 CEST49892443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253309965 CEST4434989213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253438950 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253695965 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253743887 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253910065 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253916979 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.253940105 CEST49894443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.253946066 CEST4434989413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.254503012 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.254601955 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.254653931 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.255114079 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.255131006 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.255148888 CEST49896443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.255156994 CEST4434989613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.255419016 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.255692005 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.255740881 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.255742073 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.255784035 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.256407976 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.256431103 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.256448030 CEST49895443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.256454945 CEST4434989513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.258213997 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.258270025 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.258337021 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.258485079 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.258497000 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.258548021 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.258877993 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.258888960 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.259406090 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.259414911 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.261044025 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261085033 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.261112928 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261147022 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261148930 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.261194944 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261328936 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261329889 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.261341095 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.261346102 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.262023926 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.262067080 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.262145996 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.262222052 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.262233973 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.924422026 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.925112963 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.925149918 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.925654888 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.925662994 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.930589914 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.930983067 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.930995941 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.931406975 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.931412935 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.931502104 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.931768894 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.931794882 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.932116985 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.932125092 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.950052977 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.950429916 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.950464964 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.950850964 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.950858116 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.951181889 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.951436043 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.951497078 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:18.951772928 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:18.951782942 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.024590015 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.024630070 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.024686098 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.024719954 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.024857044 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.031181097 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.031457901 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.031527996 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.032519102 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.032785892 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.032847881 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.036612988 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.036613941 CEST49901443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.036648035 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.036663055 CEST4434990113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.037889004 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.037923098 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.037931919 CEST49899443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.037940025 CEST4434989913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.038069010 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.038094997 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.038111925 CEST49897443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.038122892 CEST4434989713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.040721893 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.040756941 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.041049957 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.041531086 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.041654110 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.041737080 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.041744947 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.041748047 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.044883013 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.044918060 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.045023918 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.045120001 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.045129061 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.045135021 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.045195103 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.054508924 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.054605961 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.054691076 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.055902004 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.056015968 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.056083918 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.061017990 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.061052084 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.061091900 CEST49898443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.061104059 CEST4434989813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.061203003 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.061259031 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.061306953 CEST49900443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.061327934 CEST4434990013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.101102114 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.101156950 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.101268053 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.101768017 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.101785898 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.102844954 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.102869987 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.102927923 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.103085995 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.103100061 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.675486088 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.676184893 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.676215887 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.676683903 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.676692963 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.690994978 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.691524029 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.691548109 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.691994905 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.692004919 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.720773935 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.721353054 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.721384048 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.721802950 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.721812010 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.743026018 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.743624926 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.743650913 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.743805885 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.744071007 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.744080067 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.744108915 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.744126081 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.744673967 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.744683027 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.777426004 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.777517080 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.777570963 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.777784109 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.777806044 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.777821064 CEST49902443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.777827024 CEST4434990213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.781009912 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.781076908 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.781147957 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.781369925 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.781385899 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.803426027 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.803499937 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.803554058 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.803560972 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.803606033 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.803764105 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.803793907 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.803811073 CEST49903443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.803821087 CEST4434990313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.807455063 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.807502031 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.807565928 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.807714939 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.807735920 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.826340914 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.826472998 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.826533079 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.826652050 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.826678038 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.826699018 CEST49904443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.826706886 CEST4434990413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.829384089 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.829448938 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.829555988 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.829694033 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.829706907 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.842932940 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843343019 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843436956 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.843502045 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.843529940 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843544960 CEST49905443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.843553066 CEST4434990513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843558073 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843913078 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.843996048 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.844012976 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.844017982 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.844031096 CEST49906443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.844043970 CEST4434990613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.846451044 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846497059 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.846498966 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846539021 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.846571922 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846601009 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846723080 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846744061 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:19.846749067 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:19.846757889 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.559737921 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.560337067 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.560650110 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.560723066 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.560760021 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561209917 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.561227083 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561291933 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561331987 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561371088 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.561382055 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561553955 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.561563969 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.561927080 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.561933994 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.562231064 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.562237024 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.562422037 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.562448025 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.562942028 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.562958956 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.562992096 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.562995911 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.563462973 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.563467979 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660062075 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660094976 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660118103 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660173893 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660257101 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.660284042 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.660520077 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.660537958 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660552979 CEST49907443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.660559893 CEST4434990713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660685062 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660727978 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660872936 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.660933018 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.660995007 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.661107063 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.664705038 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.664773941 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.664844990 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.664880037 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.664906979 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.665081024 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.665939093 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.666017056 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.666069031 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.668030977 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.668062925 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.668081045 CEST49909443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.668088913 CEST4434990913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.668771982 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.668786049 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.668797970 CEST49910443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.668802977 CEST4434991013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.669665098 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.669682980 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.669761896 CEST49911443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.669768095 CEST4434991113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.670140982 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.670140982 CEST49908443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.670146942 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.670150995 CEST4434990813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.673278093 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.673316956 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.673542976 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.673947096 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.673989058 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.674061060 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.674220085 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.674228907 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.674660921 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675359964 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675379038 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.675406933 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675406933 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675414085 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675426960 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.675438881 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.675451994 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.675482988 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675493002 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.675496101 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675558090 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675648928 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.675666094 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:20.676042080 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:20.676075935 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.309807062 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.313922882 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.314001083 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.314496040 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.314511061 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.315444946 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.315567970 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.315586090 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316082954 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316114902 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316279888 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316303015 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316517115 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316530943 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316880941 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316888094 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316906929 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316917896 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.316984892 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.316992044 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.336546898 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.337251902 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.337295055 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.338560104 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.338573933 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.409296989 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.409447908 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.409560919 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.409848928 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.409873009 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.409899950 CEST49914443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.409905910 CEST4434991413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.413513899 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.413589954 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.413671017 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.414143085 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.414171934 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.423712015 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.423943043 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.423999071 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424002886 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424077034 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424365997 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424390078 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424405098 CEST49916443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424412012 CEST4434991613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424556971 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424607038 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424635887 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424643993 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424663067 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.424685955 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424747944 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424747944 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424766064 CEST49912443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.424777985 CEST4434991213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.426376104 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.426393986 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.426405907 CEST49915443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.426412106 CEST4434991513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.428174973 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.428210020 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.428281069 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.430478096 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.430488110 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.431560993 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.431591034 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.431646109 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.431766033 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.431778908 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.433520079 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.433554888 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.433618069 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.434042931 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.434055090 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.439289093 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.439328909 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.439393997 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.439399958 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.439445019 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.439641953 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.439659119 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.439671993 CEST49913443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.439677954 CEST4434991313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.450510979 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.450562954 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:21.450650930 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.450799942 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:21.450810909 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.068852901 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.069442987 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.069462061 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.070039034 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.070046902 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.072185993 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.072648048 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.072678089 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.073148012 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.073153973 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.082812071 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.083312035 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.083425045 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.083733082 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.083748102 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.086028099 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.086424112 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.086455107 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.086846113 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.086853981 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.097332954 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.097843885 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.097883940 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.098193884 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.098200083 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.171452045 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.171547890 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.171675920 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.171989918 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.172005892 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.172038078 CEST49917443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.172045946 CEST4434991713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.174937963 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.175000906 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.175184965 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.175319910 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.175337076 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.182706118 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.182846069 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.182905912 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.182910919 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.182950020 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.183109999 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.183137894 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.183151960 CEST49919443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.183157921 CEST4434991913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.183583021 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.184279919 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.184357882 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.184431076 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.184454918 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.184469938 CEST49920443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.184478045 CEST4434992013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.185993910 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.186028004 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.186093092 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.186248064 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.186261892 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.187050104 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.187082052 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.187154055 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.187263012 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.187273979 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.188066959 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.188133001 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.188183069 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.188246012 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.188255072 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.188268900 CEST49918443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.188275099 CEST4434991813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.190340996 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.190395117 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.190474987 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.190582991 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.190598011 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.199338913 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.199382067 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.199434042 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.199466944 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.199565887 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.199702978 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.199714899 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.199743032 CEST49921443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.199748039 CEST4434992113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.202336073 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.202383995 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:22.202486992 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.202635050 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:22.202645063 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.565486908 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.566390038 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.566418886 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.566777945 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.566783905 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.569053888 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.569367886 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.569405079 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.569711924 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.569722891 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.573884010 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.574203968 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.574229956 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.574512959 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.574517965 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.583806992 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.584295988 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.584328890 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.585207939 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.585216045 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.585442066 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.585681915 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.585702896 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.585990906 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.585998058 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.664414883 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.664448023 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.664500952 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.664578915 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.665095091 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.665095091 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.666158915 CEST49925443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.666184902 CEST4434992513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.668811083 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.668853045 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.668920040 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.669073105 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.669081926 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.671107054 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.671196938 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.671313047 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.671364069 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.671397924 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.671422005 CEST49923443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.671430111 CEST4434992313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.673626900 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.673669100 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.673739910 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.673851013 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.673866034 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.677248001 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.677306890 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.677443981 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.677476883 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.677494049 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.677506924 CEST49922443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.677511930 CEST4434992213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.679653883 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.679698944 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.679768085 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.679892063 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.679899931 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.681324959 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.681596994 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.681813955 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.681813955 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.681859016 CEST49926443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.681869984 CEST4434992613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.683770895 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.683794022 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.683861017 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.683993101 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.684003115 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.684897900 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.684998035 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.685072899 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.685120106 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.685132027 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.685159922 CEST49924443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.685164928 CEST4434992413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.687047005 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.687074900 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:23.687135935 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.687258005 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:23.687271118 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.312562943 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.323012114 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.325901985 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.338001966 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.351444006 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.351797104 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.351821899 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.363312960 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.363321066 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.367290974 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.367321968 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.368112087 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.369716883 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.371526957 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.371542931 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.375432968 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.375439882 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.383733988 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.416985989 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.416996956 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.418051004 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.418055058 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.418519020 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.418523073 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.431296110 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.431307077 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.431749105 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.431754112 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.467890024 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.467935085 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.467993021 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.468009949 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.468033075 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.468075037 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.468298912 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.468317986 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.468333006 CEST49927443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.468339920 CEST4434992713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.471976995 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472084045 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.472184896 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472342014 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472378016 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.472421885 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.472470999 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.472534895 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472667933 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472690105 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.472702980 CEST49928443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.472708941 CEST4434992813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.474756956 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.474798918 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.475429058 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.475538015 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.475555897 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.515055895 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.515146971 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.515218973 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.515405893 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.515429020 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.515439987 CEST49930443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.515446901 CEST4434993013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.518204927 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.518250942 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.518312931 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.518475056 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.518487930 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.518959045 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.519047976 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.519104004 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.519234896 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.519234896 CEST49929443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.519241095 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.519248962 CEST4434992913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.521245956 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.521347046 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.521507978 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.521627903 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.521656990 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.527890921 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.527956009 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.528036118 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.528114080 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.528129101 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.528140068 CEST49931443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.528145075 CEST4434993113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.530559063 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.530592918 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:24.531153917 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.531364918 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:24.531377077 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.146287918 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.146986961 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.147084951 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.147468090 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.147491932 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.156689882 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.159543991 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.159564972 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.160017967 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.160022020 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.164210081 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.165656090 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.165673971 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.166099072 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.166104078 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.180535078 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.181031942 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.181144953 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.181526899 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.181550980 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.206077099 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.206536055 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.206572056 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.206942081 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.206954002 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.249725103 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.249895096 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.250111103 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.250161886 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.250186920 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.250226021 CEST49932443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.250233889 CEST4434993213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.253273010 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.253319025 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.253415108 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.253573895 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.253591061 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.261152983 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.261816025 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.261882067 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.261929989 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.261945009 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.261955023 CEST49933443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.261960983 CEST4434993313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.264195919 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.264238119 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.264332056 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.264473915 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.264488935 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.265656948 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.265923977 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.265975952 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.265995026 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.265999079 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.266009092 CEST49934443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.266011953 CEST4434993413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.267905951 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.267950058 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.268026114 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.268148899 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.268167019 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.282134056 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.282244921 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.282305956 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.282355070 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.282392979 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.282438993 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.282457113 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.282490969 CEST49935443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.282497883 CEST4434993513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.284636021 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.284688950 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.284770012 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.284902096 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.284918070 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.316226006 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.316304922 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.316555023 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.316602945 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.316602945 CEST49936443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.316621065 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.316629887 CEST4434993613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.319147110 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.319195032 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.319264889 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.319430113 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.319442034 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.488045931 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.488100052 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:25.488179922 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.488476992 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.488495111 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:25.652012110 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.652071953 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:25.652168989 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.652508974 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:25.652520895 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:25.912782907 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.913513899 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.913528919 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.914026022 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.914031982 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.921386957 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.921701908 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.921720028 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.922044039 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.922050953 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.925095081 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.925359964 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.925422907 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.925649881 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.925663948 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.937457085 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.937787056 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.937813044 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.938128948 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.938136101 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.963143110 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.963633060 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.963651896 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:25.964016914 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:25.964020967 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.014712095 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.014731884 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.014800072 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.014846087 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.014900923 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.015166998 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.015186071 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.015197039 CEST49940443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.015202045 CEST4434994013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.018191099 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.018254042 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.018331051 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.018464088 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.018488884 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.023365974 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.023458958 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.023521900 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.023703098 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.023727894 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.023740053 CEST49939443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.023746967 CEST4434993913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.024996042 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.025284052 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.025343895 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.025382042 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.025466919 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.025831938 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.025844097 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.025899887 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.025996923 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.026011944 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.026099920 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.026099920 CEST49941443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.026144028 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.026173115 CEST4434994113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.027734041 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.027781963 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.028690100 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.028795958 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.028808117 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.048652887 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.048824072 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.048960924 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.048993111 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.048993111 CEST49938443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.049006939 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.049019098 CEST4434993813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.051076889 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.051125050 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.051215887 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.051332951 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.051351070 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.068509102 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.069245100 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.069303989 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.069411993 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.069412947 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.069412947 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.069412947 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.071481943 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.071525097 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.071610928 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.071753025 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.071765900 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.132283926 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.132756948 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.132776976 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.133155107 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.133459091 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.133522987 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.133630991 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.134366035 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.134372950 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.306314945 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.307233095 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.307246923 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.307611942 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.307900906 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.307951927 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.308070898 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.308087111 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.308098078 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.384809971 CEST49942443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.384843111 CEST4434994213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.437359095 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.438865900 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.438982964 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.439095974 CEST49943443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.439112902 CEST44349943216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.608234882 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.609680891 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.609759092 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.609849930 CEST49944443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:26.609863043 CEST44349944216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:26.660240889 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.660996914 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.661031961 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.661547899 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.661555052 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.676801920 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.693408966 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.697500944 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.714401007 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.735800028 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.736635923 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.736654043 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.737155914 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.737162113 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.737515926 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.737544060 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.737863064 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.737869024 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.738059044 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.738078117 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.738394022 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.738403082 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.738612890 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.738661051 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.738940954 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.738946915 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.761862993 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.761926889 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.762005091 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.773005009 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.773034096 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.773065090 CEST49945443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.773071051 CEST4434994513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.799833059 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:26.799890995 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:26.799964905 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:26.837379932 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837414026 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837472916 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837475061 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837483883 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837496042 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837522030 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.837543011 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.837585926 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.837594032 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.837613106 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.838506937 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.838547945 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.838547945 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.838588953 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.840425968 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.840486050 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.840547085 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.849478006 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.849509001 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.849575996 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.868527889 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.868556023 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.868779898 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.868804932 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.868830919 CEST49946443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.868837118 CEST4434994613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.881526947 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.881557941 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.881570101 CEST49948443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.881577015 CEST4434994813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.885343075 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.885379076 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.885391951 CEST49949443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.885397911 CEST4434994913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.887062073 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.887062073 CEST49947443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.887078047 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.887089014 CEST4434994713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.925769091 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.925820112 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.925889969 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927371979 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927381039 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.927448988 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927728891 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927747011 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927761078 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.927762985 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.927814007 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927877903 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927887917 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.927944899 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.927961111 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.928858995 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.928867102 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:26.928920031 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.929039955 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:26.929052114 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.527344942 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.530334949 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.530373096 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.531028986 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.531039000 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.577533007 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.578999043 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.579016924 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.579524994 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.579530001 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.587919950 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.588294029 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.592068911 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.592096090 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.596560001 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.596569061 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.597075939 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.597095966 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.597537994 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.597543955 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.613922119 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.614373922 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.614389896 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.614818096 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.614824057 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.639759064 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.639836073 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.639944077 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.639988899 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.640034914 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.640348911 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.640398026 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.640428066 CEST49950443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.640444994 CEST4434995013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.643464088 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.643497944 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.643599987 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.643776894 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.643784046 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.678606033 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.678633928 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.678685904 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.678734064 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.678771019 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.678992987 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.679014921 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.679038048 CEST49953443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.679050922 CEST4434995313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.682445049 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.682472944 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.682547092 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.682682991 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.682694912 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.693392038 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.693572044 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.693636894 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.693672895 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.693695068 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.693707943 CEST49952443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.693716049 CEST4434995213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.695060968 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.695519924 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.695599079 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.695648909 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.695677996 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.695703030 CEST49954443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.695714951 CEST4434995413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.696352005 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.696394920 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.696450949 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.696717024 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.696732044 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.698082924 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.698095083 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.698178053 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.698308945 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.698323011 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.719261885 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.719337940 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.719425917 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.719563961 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.719580889 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.719589949 CEST49951443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.719595909 CEST4434995113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.721941948 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.721968889 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:27.722050905 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.722284079 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:27.722296953 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.296422005 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.297199965 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.297224045 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.297642946 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.297648907 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.322258949 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.322824001 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.322841883 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.323189020 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.323194027 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.340497971 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.340780973 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.340831995 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.341124058 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.341140032 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.376693010 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.377414942 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.377429008 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.377728939 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.377733946 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.379170895 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.379400015 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.379422903 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.379688978 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.379694939 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.398982048 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.399147034 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.399334908 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.399631977 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.399650097 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.399661064 CEST49955443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.399666071 CEST4434995513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.402764082 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.402827978 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.402925968 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.403081894 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.403103113 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.427308083 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.427326918 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.427356958 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.427440882 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.427555084 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.427886963 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.427900076 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.427908897 CEST49956443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.427913904 CEST4434995613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.430053949 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.430130005 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.430221081 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.430361986 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.430394888 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.441044092 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.441070080 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.441107988 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.441137075 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.441180944 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.441308975 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.441308975 CEST49958443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.441345930 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.441370010 CEST4434995813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.443201065 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.443226099 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.443306923 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.443454027 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.443479061 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.477642059 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.480304956 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.480385065 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.480401993 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.480407000 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.480418921 CEST49959443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.480421066 CEST4434995913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.482175112 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.482227087 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.482296944 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.482394934 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.482410908 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.485274076 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.488030910 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.488133907 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.488226891 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.488257885 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.488295078 CEST49957443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.488311052 CEST4434995713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.490447044 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.490482092 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:28.490549088 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.490680933 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:28.490698099 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.055990934 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.072721004 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.083092928 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.091053963 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.091092110 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.091543913 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.091552019 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.118068933 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.131452084 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.131515980 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.131809950 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.131827116 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.131911993 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.131926060 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.132236958 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.132247925 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.133196115 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.134769917 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.135133028 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.135152102 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.147061110 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.147070885 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.187536001 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.188757896 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.189285994 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.189361095 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.203223944 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.203237057 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.203772068 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.203783035 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.227405071 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.228023052 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.228108883 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.229245901 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.229305029 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.229357004 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.239846945 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.239873886 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.239886045 CEST49960443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.239893913 CEST4434996013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.244836092 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.245404005 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.245445013 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.245465994 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.245482922 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.260771036 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.260808945 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.260824919 CEST49964443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.260833979 CEST4434996413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.267330885 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.267406940 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.267484903 CEST49961443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.267505884 CEST4434996113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.286643028 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.286709070 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.286760092 CEST49962443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.286781073 CEST4434996213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.299923897 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.300240040 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.300308943 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.360961914 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.360961914 CEST49963443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.361027002 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.361052036 CEST4434996313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.366014004 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.366046906 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.366113901 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.366843939 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.366854906 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.368195057 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.368201971 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.368264914 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.368374109 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.368383884 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.369949102 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.369992018 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.370045900 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.370663881 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.370778084 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.370846033 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.371164083 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.371181965 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.379733086 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.379777908 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.380978107 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.381011963 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:29.381081104 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.381182909 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:29.381196022 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.017487049 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.018054008 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.018069029 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.018661976 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.018667936 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.021822929 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.022165060 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.022188902 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.022562981 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.022567987 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.024781942 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.025352955 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.025388002 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.025738001 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.025743008 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.025754929 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.026005030 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.026021957 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.026417017 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.026422024 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.051086903 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.051565886 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.051651001 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.051959038 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.051974058 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.116883039 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.116940022 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.117038012 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.117388964 CEST49967443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.117412090 CEST4434996713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.120903015 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.120949030 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.121027946 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.121175051 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.121186972 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.121916056 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.122020006 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.122080088 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.122096062 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.122138023 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.122193098 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.122222900 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.122237921 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.122246027 CEST49965443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.122251034 CEST4434996513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.124257088 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.124322891 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.124396086 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.124593019 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.124624014 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.124773979 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.124830961 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.124886036 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.125117064 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.125127077 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.125138998 CEST49969443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.125144005 CEST4434996913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.126861095 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.127011061 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.127069950 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.127090931 CEST49966443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.127096891 CEST4434996613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.127492905 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.127594948 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.127676010 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.127825975 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.127880096 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.129055023 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.129092932 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.129174948 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.129280090 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.129292965 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.154340029 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.154679060 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.154731035 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.154755116 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.154808998 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.154850006 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.154850006 CEST49968443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.154882908 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.154908895 CEST4434996813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.156680107 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.156718969 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.156791925 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.156908035 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.156918049 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.883059978 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.883904934 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.883934021 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.884419918 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.884424925 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.888711929 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.889132977 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.889148951 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.889565945 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.889570951 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.889666080 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.889787912 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.890152931 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.890217066 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.890227079 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.890229940 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.890641928 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.890645981 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.890877962 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.890892029 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.893822908 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.894156933 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.894206047 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.894566059 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.894578934 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.985161066 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.985212088 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.985290051 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.985301018 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.985342979 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.985589981 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.985608101 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.985616922 CEST49970443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.985624075 CEST4434997013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.988791943 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.988868952 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.988970041 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.989129066 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.989162922 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991090059 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991708040 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991765022 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991816044 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.991832972 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991903067 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.991909027 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.991918087 CEST49973443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.991930008 CEST4434997313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992152929 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992157936 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992185116 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992213964 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992228985 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992216110 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992248058 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992384911 CEST49971443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992429018 CEST4434997113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992455006 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992469072 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.992477894 CEST49974443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.992481947 CEST4434997413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.994710922 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.994746923 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.994779110 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.994811058 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.994820118 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.994868040 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.994983912 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995002985 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995071888 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995086908 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995629072 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995640993 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995702028 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995722055 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995768070 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995820999 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995841026 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995857954 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995873928 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.995930910 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995930910 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.995959997 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.996299982 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.996417999 CEST4434997213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.996474028 CEST49972443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.997734070 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.997746944 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:30.997812986 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.997936964 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:30.997951031 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.634694099 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.635863066 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.637931108 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.638140917 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.638957024 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.638982058 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.639424086 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.639431953 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.639636993 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.639653921 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.639975071 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.639981031 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.640161991 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.640181065 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.640463114 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.640469074 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.640651941 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.640716076 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.640969038 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.640986919 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.644397974 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.644829035 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.644840002 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.645229101 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.645236015 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.740354061 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.741216898 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.741230011 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.741240978 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.741292000 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.741379976 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.741379976 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.742397070 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.742455959 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.742465973 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.742523909 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.742533922 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.742571115 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.742626905 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.743088961 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.743160963 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.743211031 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.745496988 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.745649099 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.745702982 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.856998920 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.857029915 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.857047081 CEST49978443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.857057095 CEST4434997813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.864294052 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.864336014 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.864375114 CEST49979443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.864382982 CEST4434997913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.867412090 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.867412090 CEST49977443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.867424011 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.867434025 CEST4434997713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.873311043 CEST49976443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.873317957 CEST4434997613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.883059025 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.883104086 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.883120060 CEST49975443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.883128881 CEST4434997513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.896156073 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.896256924 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.896344900 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.897521019 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.897561073 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.897617102 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.901788950 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.901798010 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.901851892 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.901983023 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902023077 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.902498007 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902520895 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.902590990 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902656078 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902672052 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.902740002 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902770996 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.902784109 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.902808905 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.902823925 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.903371096 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.903383970 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:31.903599024 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:31.903615952 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.557526112 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.558321953 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.558353901 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.558969021 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.558974981 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.561439991 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.561749935 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.561819077 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.562119007 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.562133074 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.567440987 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.567768097 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.567805052 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.568106890 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.568118095 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.570327044 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.570694923 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.570739985 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.570914984 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.570921898 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.575689077 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.575964928 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.575973988 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.576235056 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.576240063 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.658216953 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.658585072 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.658629894 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.658653021 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.658687115 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.658727884 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.658751011 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.658766031 CEST49984443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.658773899 CEST4434998413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661535025 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661555052 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661596060 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661664963 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661768913 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661787987 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661794901 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661866903 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661932945 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661932945 CEST49980443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.661972046 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.661998987 CEST4434998013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.663856030 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.663867950 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.663933039 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.664064884 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.664079905 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.670648098 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.670703888 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.670770884 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.670881987 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.670881987 CEST49983443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.670903921 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.670924902 CEST4434998313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.672738075 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.672769070 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.672851086 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.672962904 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.672977924 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.673790932 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.673882961 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.673944950 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.674012899 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.674029112 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.674037933 CEST49982443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.674042940 CEST4434998213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.675812006 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.675864935 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.675942898 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.676073074 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.676101923 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678250074 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678683043 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678738117 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.678746939 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678805113 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678817987 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.678828955 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678838968 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.678843021 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.678848982 CEST49981443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.678853989 CEST4434998113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.680529118 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.680547953 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:32.680608034 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.680706978 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:32.680717945 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.314472914 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.315305948 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.315378904 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.315679073 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.315697908 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.319134951 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.319447041 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.319483042 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.319833040 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.319840908 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.322516918 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.322850943 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.322863102 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.323235035 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.323240042 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.325160980 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.325503111 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.325526953 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.325882912 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.325887918 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.338011980 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.338515997 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.338536978 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.338908911 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.338915110 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.414614916 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.414923906 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.415044069 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.415134907 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.415136099 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.415232897 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.415232897 CEST49988443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.415280104 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.415317059 CEST4434998813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.417958021 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.417989969 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.418087959 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.418325901 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.418342113 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.420218945 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.420875072 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.420942068 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.420969009 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.420994043 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.421010017 CEST49986443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.421016932 CEST4434998613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423048973 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423096895 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423122883 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423218966 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423379898 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423407078 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423574924 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423630953 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423655033 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423664093 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.423672915 CEST49989443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.423677921 CEST4434998913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.424491882 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.424549103 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.424603939 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.424710989 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.424725056 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.424736023 CEST49987443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.424740076 CEST4434998713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.425699949 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.425767899 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.425839901 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.425964117 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.425986052 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.426486969 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.426525116 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.426593065 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.426704884 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.426717997 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.443847895 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.443916082 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.443984985 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.443998098 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.444017887 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.444071054 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.444099903 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.444108009 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.444139004 CEST49985443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.444144011 CEST4434998513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.446141958 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.446171045 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:33.446260929 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.446363926 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:33.446388960 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.063458920 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.064121962 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.064165115 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.064609051 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.064615011 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.070802927 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.071088076 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.071116924 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.071742058 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.071747065 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.074243069 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.078874111 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.078896999 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.079273939 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.079282045 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.094827890 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.095540047 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.095571041 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.095983982 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.095994949 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.118181944 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.118798018 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.118853092 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.119251966 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.119265079 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.167314053 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.167381048 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.167500973 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.167516947 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.167563915 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.172614098 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.173091888 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.173129082 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.173167944 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.173213005 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.185189962 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.185339928 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.185410023 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.197393894 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.197443962 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.197676897 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.222531080 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.222685099 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.222774982 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.320379972 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.320417881 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.320430994 CEST49990443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.320437908 CEST4434999013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.320630074 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.320724964 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.320776939 CEST49991443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.320800066 CEST4434999113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.346898079 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.346963882 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.347112894 CEST49993443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.347131968 CEST4434999313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.348217964 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.348275900 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.348321915 CEST49992443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.348342896 CEST4434999213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.348967075 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.348968029 CEST49994443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.348985910 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.349009037 CEST4434999413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.364193916 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.364233971 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.364300966 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.366782904 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.366831064 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.366889000 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.367124081 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.367176056 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.367229939 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.368052006 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.368061066 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.368118048 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.368881941 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.368896961 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.369014978 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369030952 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.369075060 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369155884 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369175911 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.369246960 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369259119 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.369286060 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369301081 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:34.369371891 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:34.369378090 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.005090952 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.005620003 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.005666971 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.006114960 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.006129980 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.006211996 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.006504059 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.006534100 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.006879091 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.006890059 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.007345915 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.007610083 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.007631063 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.007968903 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.007973909 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.013181925 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.013509989 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.013524055 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.013923883 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.013928890 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.038793087 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.039170980 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.039221048 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.039582014 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.039597034 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117501020 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117563963 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117628098 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.117646933 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117679119 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117733002 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.117914915 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.117914915 CEST49996443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.117955923 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.117980003 CEST4434999613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.119447947 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.119628906 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.119702101 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.120055914 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.120073080 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.120095968 CEST49999443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.120110989 CEST4434999913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.121273041 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.121325016 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.121403933 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.121562958 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.121581078 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122311115 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122409105 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122499943 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122500896 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122526884 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122566938 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122575045 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122620106 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122699022 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122731924 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122731924 CEST49998443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.122734070 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122745991 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.122752905 CEST4434999813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.124752998 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.124775887 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.124871016 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.125010967 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.125035048 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.126020908 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.126105070 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.126158953 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.126215935 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.126224995 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.126234055 CEST49997443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.126240015 CEST4434999713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.128130913 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.128145933 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.128345013 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.128345013 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.128374100 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.144740105 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.145303965 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.145373106 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.145437956 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.145437956 CEST49995443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.145468950 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.145493984 CEST4434999513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.147413015 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.147444010 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.147521019 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.147648096 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.147665024 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.771008968 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.771780014 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.771804094 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.772315025 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.772321939 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.784107924 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.784332991 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.784465075 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.784476042 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.784723997 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.784766912 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.784863949 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.784869909 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.785095930 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.785113096 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.799103022 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.799455881 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.799493074 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.799940109 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.799997091 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.824628115 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.825067043 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.825086117 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.825464010 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.825473070 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.871774912 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.872167110 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.872231007 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.873174906 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.873193026 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.873207092 CEST50003443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.873214960 CEST4435000313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.876930952 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.876966953 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.877046108 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.877172947 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.877180099 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885032892 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885412931 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885464907 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.885652065 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885797024 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885855913 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.885931969 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.885940075 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.885952950 CEST50000443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.885958910 CEST4435000013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.886092901 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.886115074 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.886126995 CEST50001443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.886132002 CEST4435000113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.890846014 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.890873909 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.890949011 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.890979052 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.891014099 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.891071081 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.891180992 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.891195059 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.891235113 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.891252995 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.903664112 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.904072046 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.904119968 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.904125929 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.904175043 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.904472113 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.904495001 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.904508114 CEST50002443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.904515028 CEST4435000213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.908339977 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.908370018 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.908457994 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.909873962 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.909883976 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.929660082 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.929732084 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.929780960 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.929800034 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.929830074 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.929879904 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.930063963 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.930082083 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.930099010 CEST50004443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.930107117 CEST4435000413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.935928106 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.935975075 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:35.936047077 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.936212063 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:35.936235905 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.679590940 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.682660103 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.682956934 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.686528921 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.686563969 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.687017918 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.687031984 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.688635111 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.688663960 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.688842058 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.688867092 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.692534924 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.692549944 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.694426060 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.694453955 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.699011087 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.699019909 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.699292898 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.699321032 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.699676991 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.699687958 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.699918985 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.699949980 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.700274944 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.700282097 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.786184072 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.786253929 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.786315918 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.786339998 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.786380053 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.786429882 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.788264990 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.788727045 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.788774014 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.795165062 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.795229912 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.795289040 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.796042919 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.796185970 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.796231031 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.799669981 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.799686909 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.799698114 CEST50006443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.799704075 CEST4435000613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.800589085 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.800733089 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.800785065 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.803421021 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.803446054 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.803462029 CEST50009443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.803468943 CEST4435000913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.824402094 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.824402094 CEST50007443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.824450970 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.824480057 CEST4435000713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.825532913 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.825558901 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.825584888 CEST50005443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.825598001 CEST4435000513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.826385975 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.826431036 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.826459885 CEST50008443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.826476097 CEST4435000813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.832938910 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.832969904 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.833029985 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.833921909 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.833971977 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.834057093 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.835011005 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.835107088 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.835182905 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.835351944 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.835370064 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.835467100 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.835500002 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.836034060 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836105108 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.836168051 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836606979 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836632013 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.836658001 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836693048 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.836714029 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836788893 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.836802006 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:36.837065935 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:36.837102890 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.482240915 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.482980967 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.483019114 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.483588934 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.483597994 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.496141911 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.496532917 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.496599913 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.496964931 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.496983051 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.498367071 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.498686075 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.498775959 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.499109030 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.499125957 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.500435114 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.500916004 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.500998020 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.501291990 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.501307011 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.520602942 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.520947933 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.521028996 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.521327972 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.521344900 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.595424891 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.595725060 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.595918894 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.595920086 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.595920086 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.596359015 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597022057 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597088099 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.597141027 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.597167015 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597183943 CEST50014443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.597192049 CEST4435001413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597754002 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597835064 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.597894907 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.598198891 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.598222971 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.598237038 CEST50011443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.598243952 CEST4435001113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.599312067 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.599350929 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.599431038 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.599628925 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.599646091 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.600467920 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600480080 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.600553989 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600673914 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600680113 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600692034 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.600713968 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.600764990 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600845098 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.600863934 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.601758003 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.601850033 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.601906061 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.601958036 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.601958036 CEST50010443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.601994038 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.602018118 CEST4435001013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.604795933 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.604814053 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.604887962 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.605024099 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.605041981 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.625842094 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.626605988 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.626651049 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.626811028 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.626811028 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.626811028 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.626811028 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.628916025 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.628961086 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.629049063 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.629169941 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.629184008 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.899662971 CEST50012443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.899713039 CEST4435001213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:37.930917025 CEST50013443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:37.930988073 CEST4435001313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.245089054 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.245758057 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.245801926 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.246258974 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.246267080 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.259870052 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.260166883 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.260360956 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.260423899 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.260473967 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.260492086 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.260843039 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.260843039 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.260860920 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.260893106 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.273251057 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.273765087 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.273777008 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.274188042 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.274195910 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.278713942 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.279092073 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.279102087 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.279512882 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.279520035 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.344006062 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.344176054 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.344261885 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.344441891 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.344485998 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.344513893 CEST50016443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.344531059 CEST4435001613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.347548962 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.347603083 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.347688913 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.347848892 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.347872019 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.361293077 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.361907005 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.362030029 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.362068892 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.362101078 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.362201929 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.362301111 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.362301111 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.362302065 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.362302065 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.364212036 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.364212036 CEST50017443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.364250898 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.364278078 CEST4435001713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.365020037 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365073919 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.365087986 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365098000 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.365145922 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365178108 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365310907 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365310907 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.365333080 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.365350962 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.375660896 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.375792027 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.375850916 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.376012087 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.376012087 CEST50015443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.376023054 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.376034021 CEST4435001513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.378488064 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.378500938 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.378563881 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.378822088 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.378837109 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.385876894 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.386257887 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.386312962 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.386352062 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.386357069 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.386369944 CEST50019443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.386378050 CEST4435001913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.388410091 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.388448954 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.388708115 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.388708115 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.388744116 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:38.665005922 CEST50018443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:38.665071964 CEST4435001813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.161178112 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.162142992 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.162179947 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.162633896 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.162642956 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.163331985 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.163691044 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.163717985 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.163748980 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.163981915 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.164021015 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.164344072 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.164351940 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.164381027 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.164391994 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.167948008 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.168323040 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.168375969 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.168874979 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.168889046 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.168984890 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.169368029 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.169394970 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.169759989 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.169771910 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.262988091 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.263148069 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.263230085 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.263457060 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.263478994 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.263494968 CEST50023443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.263503075 CEST4435002313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.265172958 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.265275955 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.265331984 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.266232014 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.266249895 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.266274929 CEST50024443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.266279936 CEST4435002413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267337084 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267513037 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267569065 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.267580986 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267596960 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267658949 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.267898083 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.267905951 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.267934084 CEST50020443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.267940998 CEST4435002013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.270385981 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.270422935 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.270493031 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.270756006 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.270771980 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.270848989 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271112919 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271127939 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.271209002 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271215916 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.271686077 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271716118 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.271773100 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271872044 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.271883965 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.272490025 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.272957087 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273287058 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273345947 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.273375034 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.273396015 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273408890 CEST50021443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.273415089 CEST4435002113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273437977 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273488998 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.273499966 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273555994 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.273606062 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.274880886 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.274887085 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.274914980 CEST50022443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.274920940 CEST4435002213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.278759956 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.278804064 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.278872967 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.278978109 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.279074907 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.279124022 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.279141903 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.279149055 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.279990911 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.280024052 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.653419018 CEST49886443192.168.2.4142.250.181.228
                        Oct 4, 2024 09:17:39.653506994 CEST44349886142.250.181.228192.168.2.4
                        Oct 4, 2024 09:17:39.931463957 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.932132006 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.932229042 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.932699919 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.932715893 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.938683987 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.939042091 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.939409018 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.939450026 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.939462900 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.939481974 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.939907074 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.939912081 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.940079927 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.940090895 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.943058968 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.943399906 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.943437099 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.943871021 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.943880081 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.959089994 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.959623098 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.959650040 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:39.960259914 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:39.960270882 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.033880949 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.033987999 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.034076929 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.034118891 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.034173965 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.037431002 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.037486076 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.037519932 CEST50029443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.037538052 CEST4435002913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.041033030 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.041071892 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.041157961 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.041289091 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.041302919 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.043299913 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.043544054 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.043606043 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.043668985 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.043689013 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.043706894 CEST50025443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.043714046 CEST4435002513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.044388056 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.044465065 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.044517040 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.044559956 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.044578075 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.044589043 CEST50027443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.044594049 CEST4435002713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.045679092 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.045722008 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.045782089 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.045896053 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.045905113 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.046129942 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.046166897 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.046222925 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.046355963 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.046374083 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.048379898 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.048445940 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.048485041 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.048584938 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.048599005 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.048608065 CEST50028443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.048612118 CEST4435002813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.050499916 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.050534964 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.050616980 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.050731897 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.050746918 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.065172911 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.065216064 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.065273046 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.065324068 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.065514088 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.065514088 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.065514088 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.067553043 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.067585945 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.067666054 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.067799091 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.067816973 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.367809057 CEST50026443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.367849112 CEST4435002613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.690915108 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.691296101 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.691665888 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.691682100 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.691713095 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.691737890 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.692301989 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.692307949 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.692329884 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.692334890 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.693867922 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.694246054 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.694277048 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.694724083 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.694730043 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.703330994 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.703830957 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.703885078 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.704391956 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.704406977 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.743716955 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.744375944 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.744401932 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.745002031 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.745007038 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795006037 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795037985 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795133114 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.795146942 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795495987 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.795495987 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.795510054 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795649052 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795679092 CEST4435003313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795706987 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795721054 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.795734882 CEST50033443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.795785904 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.795834064 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.796166897 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.796168089 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.796206951 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.796367884 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.796399117 CEST4435003213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.796452999 CEST50032443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.798675060 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.798738003 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.798819065 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.798862934 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.798894882 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.798916101 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.799041986 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.799065113 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.799065113 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.799071074 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.802901983 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.803064108 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.803134918 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.803193092 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.803194046 CEST50030443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.803236008 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.803262949 CEST4435003013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.805569887 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.805619955 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.805687904 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.805819035 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.805835962 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814070940 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814090967 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814146996 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.814179897 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814349890 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.814351082 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.814384937 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814534903 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814568996 CEST4435003113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.814614058 CEST50031443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.816386938 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.816401005 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.816457033 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.816577911 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.816591978 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.845643044 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.845666885 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.845726967 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.845746040 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.845927954 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.845941067 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.845949888 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.846137047 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.846170902 CEST4435003413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.846220016 CEST50034443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.848359108 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.848429918 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:40.848511934 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.848634005 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:40.848664045 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.460494995 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.461705923 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.463648081 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.471823931 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.471843004 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.479962111 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.479969025 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.487442017 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.488114119 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.488146067 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.492222071 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.492232084 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.495068073 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.495460033 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.495470047 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.496078968 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.496083975 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.498848915 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.498908043 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.499329090 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.499346018 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.499638081 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.499655008 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.500029087 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.500045061 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.577428102 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.577487946 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.577545881 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.577737093 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.577754974 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.577764988 CEST50036443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.577770948 CEST4435003613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.581352949 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.581389904 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.581476927 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.581631899 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.581646919 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595511913 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595669985 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595746040 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.595798969 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.595812082 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595838070 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595839977 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595865011 CEST50037443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.595880985 CEST4435003713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595901012 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.595911980 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.595948935 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.596057892 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.596061945 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.596081972 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.596206903 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.596235991 CEST4435003913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.596275091 CEST50039443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.596606016 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.597440004 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.597558022 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.597619057 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.597656012 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.597656012 CEST50038443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.597671986 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.597692013 CEST4435003813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.598189116 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.598251104 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.598426104 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.598462105 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.598486900 CEST50035443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.598495007 CEST4435003513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.599786997 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.599801064 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.599874020 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600080967 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600099087 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.600574017 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600629091 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.600719929 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600764990 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600786924 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.600836039 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600913048 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.600930929 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.601022959 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.601031065 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.601790905 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.601825953 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:41.601996899 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.601996899 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:41.602024078 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.234411001 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.235013962 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.235064030 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.235551119 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.235563993 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.240534067 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.240951061 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.240962029 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.241342068 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.241348028 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.241857052 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.242182970 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.242219925 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.242644072 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.242657900 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.249329090 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.249840021 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.249867916 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.250535965 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.250547886 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.278047085 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.278413057 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.278422117 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.278847933 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.278851986 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.337997913 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.338025093 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.338073969 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.338151932 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.338435888 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.338465929 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.338480949 CEST50041443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.338489056 CEST4435004113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341571093 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.341613054 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341706038 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.341821909 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341846943 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.341847897 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341852903 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341898918 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.341911077 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.341981888 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.342027903 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.342087030 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.342087030 CEST50042443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.342097044 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.342108011 CEST4435004213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.344126940 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.344158888 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.344245911 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.344372988 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.344384909 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.346569061 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.346596956 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.346611977 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.346677065 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.346708059 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.346759081 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.354717970 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.354787111 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.354870081 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.354892969 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.354919910 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.354945898 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.354973078 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.355010986 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.355035067 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.355062008 CEST50045443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.355073929 CEST4435004513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.357038975 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.357135057 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.357223988 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.357342005 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.357363939 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.384917974 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.384941101 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.384994984 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.385068893 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.385068893 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.385077953 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.385350943 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432461023 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.432540894 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.432580948 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432617903 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.432643890 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432666063 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432693005 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.432751894 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432832003 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432866096 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.432892084 CEST50043443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.432908058 CEST4435004313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.435794115 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.435838938 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.435925007 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.436075926 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.436084986 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.473743916 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.473834038 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.473849058 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.473972082 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.473972082 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.474086046 CEST50044443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.474098921 CEST4435004413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.489185095 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.489273071 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.489371061 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.489533901 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.489569902 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.980638981 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.980927944 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.981266975 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.981298923 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.981545925 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.981568098 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.981985092 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.981990099 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.982089996 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.982100964 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.999063015 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:42.999700069 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:42.999777079 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.000053883 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.000072002 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.079776049 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.079864025 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080009937 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.080128908 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.080130100 CEST50047443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.080149889 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080157995 CEST4435004713.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080717087 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080741882 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080794096 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.080801964 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.080835104 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.081561089 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.081581116 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.081592083 CEST50046443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.081597090 CEST4435004613.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.084317923 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.084392071 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.084475040 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.084651947 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.084667921 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.084789991 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.084825039 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.084878922 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.084996939 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.085005045 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.100680113 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.100696087 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.100842953 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.100907087 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.101322889 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.101341009 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.102288008 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.102293968 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.102364063 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.102391958 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.102416992 CEST50048443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.102430105 CEST4435004813.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.105655909 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.105751991 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.105835915 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.105951071 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.105976105 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.134761095 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.136157036 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.136239052 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.136609077 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.136624098 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.208537102 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.209151983 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.209227085 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.209287882 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.209299088 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.209306002 CEST50049443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.209311008 CEST4435004913.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.212615013 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.212702990 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.212790966 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.212937117 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.212968111 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.239597082 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.241473913 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.241657019 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.241718054 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.241772890 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.241808891 CEST50050443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.241825104 CEST4435005013.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.244483948 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.244513035 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.244601965 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.244755983 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.244764090 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.736876965 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.752103090 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.760262012 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.760279894 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.763339996 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.763344049 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.763725996 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.764084101 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.764118910 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.764131069 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.764214039 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.764488935 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.764503002 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.764600992 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.764633894 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.845680952 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.854177952 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.854199886 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.862014055 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.862817049 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.862885952 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.862888098 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.862963915 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.864132881 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.864203930 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.864243031 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.864717960 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.864723921 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.865189075 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.867098093 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.867454052 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.867523909 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.871961117 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.872005939 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.878703117 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.878717899 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.889184952 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.889185905 CEST50051443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.889230013 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.889257908 CEST4435005113.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.911354065 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.911381006 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.911396980 CEST50052443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.911410093 CEST4435005213.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.929965973 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.929965973 CEST50053443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.930016994 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.930043936 CEST4435005313.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.966207981 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.966298103 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.966350079 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.976969957 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.977035999 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.977212906 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.991724014 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.991731882 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.991761923 CEST50055443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.991766930 CEST4435005513.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.992470026 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.992487907 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:43.992499113 CEST50054443192.168.2.413.107.246.45
                        Oct 4, 2024 09:17:43.992505074 CEST4435005413.107.246.45192.168.2.4
                        Oct 4, 2024 09:17:56.171762943 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.171834946 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.172044992 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.173556089 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.173593044 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.262687922 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.262748957 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.262924910 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.274316072 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.274363995 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.806802034 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.807147026 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.807216883 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.807770014 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.808119059 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.808219910 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.808305979 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.808345079 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.808360100 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.908504009 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.908807039 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.908834934 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.909342051 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.909815073 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.909887075 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:56.909984112 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.910001040 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:56.910006046 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.115135908 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.115787983 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.115869999 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:57.115966082 CEST50056443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:57.116014004 CEST44350056216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.208220959 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.209886074 CEST44350057216.58.206.46192.168.2.4
                        Oct 4, 2024 09:17:57.209994078 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:57.210268021 CEST50057443192.168.2.4216.58.206.46
                        Oct 4, 2024 09:17:57.210283041 CEST44350057216.58.206.46192.168.2.4

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 4, 2024 09:16:12.512300014 CEST6408053192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:12.512447119 CEST5457353192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:12.519195080 CEST53545731.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:12.519970894 CEST53640801.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:12.520000935 CEST53603801.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:12.540992975 CEST53542871.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:13.480217934 CEST4970453192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:13.480422974 CEST5966953192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:13.487145901 CEST53596691.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:13.487261057 CEST53497041.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:13.533380985 CEST53629731.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:16.180943012 CEST5112453192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:16.181085110 CEST5120253192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:16.187768936 CEST53512021.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:16.187998056 CEST53511241.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:19.933465958 CEST53581071.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:21.500210047 CEST138138192.168.2.4192.168.2.255
                        Oct 4, 2024 09:16:22.504638910 CEST5938753192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:22.505198956 CEST6157853192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:22.511435032 CEST53593871.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:22.513036966 CEST53615781.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:23.617531061 CEST5496953192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:23.617902994 CEST6289953192.168.2.41.1.1.1
                        Oct 4, 2024 09:16:23.628757954 CEST53549691.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:23.629400969 CEST53628991.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:24.860357046 CEST53542311.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:30.641465902 CEST53556511.1.1.1192.168.2.4
                        Oct 4, 2024 09:16:49.442831039 CEST53618721.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:11.947786093 CEST53599651.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:12.096982956 CEST53549271.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:24.677613974 CEST53651121.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:25.480460882 CEST6296853192.168.2.41.1.1.1
                        Oct 4, 2024 09:17:25.480607033 CEST5986353192.168.2.41.1.1.1
                        Oct 4, 2024 09:17:25.487328053 CEST53629681.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:25.487528086 CEST53598631.1.1.1192.168.2.4
                        Oct 4, 2024 09:17:39.662481070 CEST53624181.1.1.1192.168.2.4

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Oct 4, 2024 09:16:12.512300014 CEST192.168.2.41.1.1.10x1cfcStandard query (0)youtube.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:12.512447119 CEST192.168.2.41.1.1.10x63b2Standard query (0)youtube.com65IN (0x0001)false
                        Oct 4, 2024 09:16:13.480217934 CEST192.168.2.41.1.1.10x50f1Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.480422974 CEST192.168.2.41.1.1.10xa8f6Standard query (0)www.youtube.com65IN (0x0001)false
                        Oct 4, 2024 09:16:16.180943012 CEST192.168.2.41.1.1.10x5c99Standard query (0)www.google.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:16.181085110 CEST192.168.2.41.1.1.10x8e00Standard query (0)www.google.com65IN (0x0001)false
                        Oct 4, 2024 09:16:22.504638910 CEST192.168.2.41.1.1.10x8168Standard query (0)accounts.youtube.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:22.505198956 CEST192.168.2.41.1.1.10xb111Standard query (0)accounts.youtube.com65IN (0x0001)false
                        Oct 4, 2024 09:16:23.617531061 CEST192.168.2.41.1.1.10xa199Standard query (0)play.google.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:23.617902994 CEST192.168.2.41.1.1.10xceb2Standard query (0)play.google.com65IN (0x0001)false
                        Oct 4, 2024 09:17:25.480460882 CEST192.168.2.41.1.1.10xe212Standard query (0)play.google.comA (IP address)IN (0x0001)false
                        Oct 4, 2024 09:17:25.480607033 CEST192.168.2.41.1.1.10xbd31Standard query (0)play.google.com65IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Oct 4, 2024 09:16:12.519195080 CEST1.1.1.1192.168.2.40x63b2No error (0)youtube.com65IN (0x0001)false
                        Oct 4, 2024 09:16:12.519970894 CEST1.1.1.1192.168.2.40x1cfcNo error (0)youtube.com142.250.185.238A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487145901 CEST1.1.1.1192.168.2.40xa8f6No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487145901 CEST1.1.1.1192.168.2.40xa8f6No error (0)youtube-ui.l.google.com65IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:13.487261057 CEST1.1.1.1192.168.2.40x50f1No error (0)youtube-ui.l.google.com216.58.206.46A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:16.187768936 CEST1.1.1.1192.168.2.40x8e00No error (0)www.google.com65IN (0x0001)false
                        Oct 4, 2024 09:16:16.187998056 CEST1.1.1.1192.168.2.40x5c99No error (0)www.google.com142.250.181.228A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:22.511435032 CEST1.1.1.1192.168.2.40x8168No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Oct 4, 2024 09:16:22.511435032 CEST1.1.1.1192.168.2.40x8168No error (0)www3.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:16:22.513036966 CEST1.1.1.1192.168.2.40xb111No error (0)accounts.youtube.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                        Oct 4, 2024 09:16:23.628757954 CEST1.1.1.1192.168.2.40xa199No error (0)play.google.com216.58.206.46A (IP address)IN (0x0001)false
                        Oct 4, 2024 09:17:25.487328053 CEST1.1.1.1192.168.2.40xe212No error (0)play.google.com216.58.206.46A (IP address)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • youtube.com
                        • www.youtube.com
                        • fs.microsoft.com
                        • slscr.update.microsoft.com
                        • https:
                          • accounts.youtube.com
                          • play.google.com
                          • www.google.com
                        • otelrules.azureedge.net

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.449730142.250.185.2384436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:13 UTC851OUTGET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
                        Host: youtube.com
                        Connection: keep-alive
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:13 UTC1704INHTTP/1.1 301 Moved Permanently
                        Content-Type: application/binary
                        X-Content-Type-Options: nosniff
                        Expires: Fri, 04 Oct 2024 07:16:13 GMT
                        Date: Fri, 04 Oct 2024 07:16:13 GMT
                        Cache-Control: private, max-age=31536000
                        Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                        X-Frame-Options: SAMEORIGIN
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Content-Security-Policy: require-trusted-types-for 'script'
                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                        Server: ESF
                        Content-Length: 0
                        X-XSS-Protection: 0
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        1192.168.2.449736142.250.185.2384436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:14 UTC869OUTGET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                        Host: www.youtube.com
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:14 UTC2634INHTTP/1.1 303 See Other
                        Content-Type: application/binary
                        X-Content-Type-Options: nosniff
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Fri, 04 Oct 2024 07:16:14 GMT
                        Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                        Strict-Transport-Security: max-age=31536000
                        X-Frame-Options: SAMEORIGIN
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Content-Security-Policy: require-trusted-types-for 'script'
                        Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                        Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                        P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                        Server: ESF
                        Content-Length: 0
                        X-XSS-Protection: 0
                        Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 04-Oct-2024 07:46:14 GMT; Path=/; Secure; HttpOnly
                        Set-Cookie: YSC=Sx6McKmejhs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                        Set-Cookie: VISITOR_INFO1_LIVE=ZHpYkS97UZs; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 07:16:14 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                        Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgWA%3D%3D; Domain=.youtube.com; Expires=Wed, 02-Apr-2025 07:16:14 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        2192.168.2.44974223.211.8.90443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:18 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        Accept-Encoding: identity
                        User-Agent: Microsoft BITS/7.8
                        Host: fs.microsoft.com
                        2024-10-04 07:16:19 UTC467INHTTP/1.1 200 OK
                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                        Content-Type: application/octet-stream
                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                        Server: ECAcc (lpl/EF70)
                        X-CID: 11
                        X-Ms-ApiVersion: Distribute 1.2
                        X-Ms-Region: prod-neu-z1
                        Cache-Control: public, max-age=206949
                        Date: Fri, 04 Oct 2024 07:16:18 GMT
                        Connection: close
                        X-CID: 2


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        3192.168.2.44974523.211.8.90443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:19 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        Accept-Encoding: identity
                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                        Range: bytes=0-2147483646
                        User-Agent: Microsoft BITS/7.8
                        Host: fs.microsoft.com
                        2024-10-04 07:16:20 UTC535INHTTP/1.1 200 OK
                        Content-Type: application/octet-stream
                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                        ApiVersion: Distribute 1.1
                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                        X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                        Cache-Control: public, max-age=206990
                        Date: Fri, 04 Oct 2024 07:16:19 GMT
                        Content-Length: 55
                        Connection: close
                        X-CID: 2
                        2024-10-04 07:16:20 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        4192.168.2.4497504.175.87.197443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:21 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5D+OsSS+SvN7wGW&MD=2R6SN4p5 HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                        Host: slscr.update.microsoft.com
                        2024-10-04 07:16:22 UTC560INHTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                        MS-CorrelationId: ed3ba6d9-671a-46f2-ad5f-15e01b1b31f6
                        MS-RequestId: 66913b7b-43da-4133-85ee-0bb447a442b1
                        MS-CV: paTjG1h/dEK0UiHz.0
                        X-Microsoft-SLSClientCache: 2880
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Fri, 04 Oct 2024 07:16:21 GMT
                        Connection: close
                        Content-Length: 24490
                        2024-10-04 07:16:22 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                        2024-10-04 07:16:22 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        5192.168.2.449760142.250.184.2384436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:23 UTC1236OUTGET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=2088320947&timestamp=1728026181885 HTTP/1.1
                        Host: accounts.youtube.com
                        Connection: keep-alive
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-arch: "x86"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-platform-version: "10.0.0"
                        sec-ch-ua-model: ""
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: iframe
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:23 UTC1969INHTTP/1.1 200 OK
                        Content-Type: text/html; charset=utf-8
                        X-Frame-Options: ALLOW-FROM https://accounts.google.com
                        Content-Security-Policy: frame-ancestors https://accounts.google.com
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                        Content-Security-Policy: script-src 'report-sample' 'nonce-LfoQRSz_IAYwz9QUZKPqAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Fri, 04 Oct 2024 07:16:23 GMT
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Cross-Origin-Opener-Policy: same-origin
                        Cross-Origin-Resource-Policy: cross-origin
                        reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw1JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUB8ufsS63UgVu25xGoKxEUSV1ibgFiIh-P4mn_b2QRu3Ni6llFJLym_MD4zJTWvJLOkMiU_NzEzLzk_Pzsztbg4tagstSjeyMDIxMDSyFLPwCK-wAAA9kgt8g"
                        Server: ESF
                        X-XSS-Protection: 0
                        X-Content-Type-Options: nosniff
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:23 UTC1969INData Raw: 37 36 31 63 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4c 66 6f 51 52 53 7a 5f 49 41 59 77 7a 39 51 55 5a 4b 50 71 41 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f
                        Data Ascii: 761c<html><head><script nonce="LfoQRSz_IAYwz9QUZKPqAg">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
                        2024-10-04 07:16:23 UTC1969INData Raw: 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 0a 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28
                        Data Ascii: Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s*(?:\\(
                        2024-10-04 07:16:23 UTC1969INData Raw: 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 61 29 3f 61 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 69 67 69 6e 74 22 3a 72 65 74 75 72 6e 28 41 61 3f 0a 61 3e 3d 42 61 26 26 61 3c 3d 43 61 3a 61 5b 30 5d 3d 3d 3d 22 2d 22 3f 75 61 28 61 2c 44 61 29 3a 75 61 28 61 2c 45 61 29 29 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 43 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 46 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e
                        Data Ascii: tch(typeof a){case "number":return isFinite(a)?a:String(a);case "bigint":return(Aa?a>=Ba&&a<=Ca:a[0]==="-"?ua(a,Da):ua(a,Ea))?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(C(a))return}else if(Fa&&a!=null&&a in
                        2024-10-04 07:16:23 UTC1969INData Raw: 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 51 61 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 43 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 41 28 64 29 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 7b 76 61 72 20 66 3d 64 5b 65 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 66 29 26 26 0a 52 61 28 66 2c 61 29 7d 65 6c 73 65 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 64 29 26 26 52 61 28 64 2c 61 29 7d 61 3d 45 3f 61 2e 43 3a 4d 61 28 61 2e 43 2c 50 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 65 3d 21 45 3b 69 66 28 62 3d 61 2e 6c 65 6e 67 74 68 29 7b 64 3d 61 5b 62 2d
                        Data Ascii: {var b;if(a&&(b=Qa)!=null&&b.has(a)&&(b=a.C))for(var c=0;c<b.length;c++){var d=b[c];if(c===b.length-1&&A(d))for(var e in d){var f=d[e];Array.isArray(f)&&Ra(f,a)}else Array.isArray(d)&&Ra(d,a)}a=E?a.C:Ma(a.C,Pa,void 0,void 0,!1);e=!E;if(b=a.length){d=a[b-
                        2024-10-04 07:16:23 UTC1969INData Raw: 6f 6c 2e 69 74 65 72 61 74 6f 72 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 61 3d 53 79 6d 62 6f 6c 28 22 63 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 41 72 72 61 79 20 49 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 41 72 72 61 79 20 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 20 49 6e 74 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 57 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65
                        Data Ascii: ol.iterator",function(a){if(a)return a;a=Symbol("c");for(var b="Array Int8Array Uint8Array Uint8ClampedArray Int16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Wa[b[c]];typeof d==="function"&&type
                        2024-10-04 07:16:23 UTC1969INData Raw: 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 67 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 2e 67 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6b 29 7b 6b 3d 48 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 49 28 6b 2c 66 29 29
                        Data Ascii: );e("freeze");e("preventExtensions");e("seal");var h=0,g=function(k){this.g=(h+=Math.random()+1).toString();if(k){k=H(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!I(k,f))
                        2024-10-04 07:16:23 UTC1969INData Raw: 75 72 6e 20 67 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 66 6f 72 28 76 61 72 20 6c 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29
                        Data Ascii: urn g.value})};c.prototype.forEach=function(g,k){for(var l=this.entries(),m;!(m=l.next()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"||l=="function"?b.has(k)
                        2024-10-04 07:16:23 UTC1969INData Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 76 61 72 20 66 62 3d 66 62 7c 7c 7b 7d 2c 71 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 67 62 3d 71 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 68 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 66 6f 72 28 76 61 72 20 62 3d 71 2c 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 69 66 28 62 3d 62 5b 61 5b 63 5d 5d 2c 62 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 62 7d 2c 69 62 3d 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 22 2b 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 31 45
                        Data Ascii: on(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});var fb=fb||{},q=this||self,gb=q._F_toggles||[],hb=function(a){a=a.split(".");for(var b=q,c=0;c<a.length;c++)if(b=b[a[c]],b==null)return null;return b},ib="closure_uid_"+(Math.random()*1E
                        2024-10-04 07:16:23 UTC1969INData Raw: 74 65 78 74 5f 5f 39 38 34 33 38 32 3d 7b 7d 29 3b 61 2e 5f 5f 63 6c 6f 73 75 72 65 5f 5f 65 72 72 6f 72 5f 5f 63 6f 6e 74 65 78 74 5f 5f 39 38 34 33 38 32 2e 73 65 76 65 72 69 74 79 3d 62 7d 3b 76 61 72 20 71 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 71 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 68 2c 67 2c 6b 2c 6c 29 7b 64 26 26 64 28 66 2c 68 2c 67 2c 6b 2c 6c 29 3b 61 28 7b 6d 65 73 73 61 67 65 3a 66 2c 66 69 6c 65 4e 61 6d 65 3a 68 2c 6c 69 6e 65 3a 67 2c 6c 69 6e 65 4e 75 6d 62 65 72 3a 67 2c 62 61 3a 6b 2c 65 72 72 6f 72 3a 6c 7d 29 3b 72 65 74 75 72 6e 20 65 7d 7d 2c 74 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68
                        Data Ascii: text__984382={});a.__closure__error__context__984382.severity=b};var qb=function(a,b,c){c=c||q;var d=c.onerror,e=!!b;c.onerror=function(f,h,g,k,l){d&&d(f,h,g,k,l);a({message:f,fileName:h,line:g,lineNumber:g,ba:k,error:l});return e}},tb=function(a){var b=h
                        2024-10-04 07:16:23 UTC1969INData Raw: 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 73 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 66 3d 0a 74 79 70 65 6f 66 20 66 7d 66 2e 6c 65 6e 67 74 68 3e 34 30 26 26 28 66 3d 66 2e 73 6c 69 63 65 28 30 2c 34 30 29 2b 22 2e 2e 2e 22 29 3b 63 2e 70 75 73 68 28 66 29 7d 62 2e 70 75 73 68 28 61 29 3b 63 2e 70 75 73 68 28 22 29 5c 6e 22 29 3b 74 72 79 7b 63 2e 70 75 73 68 28 77 62 28 61 2e 63 61 6c 6c 65 72 2c 62 29 29 7d 63 61 74 63 68 28 68 29 7b 63 2e 70 75 73 68 28 22 5b 65 78 63 65 70 74 69 6f 6e
                        Data Ascii: "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=sb(f))?f:"[fn]";break;default:f=typeof f}f.length>40&&(f=f.slice(0,40)+"...");c.push(f)}b.push(a);c.push(")\n");try{c.push(wb(a.caller,b))}catch(h){c.push("[exception


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        6192.168.2.449766216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:24 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Accept: */*
                        Access-Control-Request-Method: POST
                        Access-Control-Request-Headers: x-goog-authuser
                        Origin: https://accounts.google.com
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:24 UTC520INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                        Access-Control-Max-Age: 86400
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:24 GMT
                        Server: Playlog
                        Content-Length: 0
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        7192.168.2.449765216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:24 UTC549OUTOPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Accept: */*
                        Access-Control-Request-Method: POST
                        Access-Control-Request-Headers: x-goog-authuser
                        Origin: https://accounts.google.com
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:24 UTC520INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                        Access-Control-Max-Age: 86400
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:24 GMT
                        Server: Playlog
                        Content-Length: 0
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        8192.168.2.449773216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:25 UTC1124OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 519
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        X-Goog-AuthUser: 0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:25 UTC519OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 32 36 31 38 33 30 30 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728026183002",null,null,null
                        2024-10-04 07:16:25 UTC932INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Set-Cookie: NID=518=Z3KXfBQjG9E6Cu5c2a9MI_mhZ02ENWJX4CELV23-t-Zo4v4-mKfbL6uNOMXbqMf4M3ssUbG5-gNNyWaO15Lt3RD_9DNhmX4U_ou2cigXqewhy-OmrN7lZoBqvlXrDjq1CiFjHVfsdoa7Muhvrwxwzukp932clg52yBxTp14oaz186NefGA; expires=Sat, 05-Apr-2025 07:16:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:25 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Expires: Fri, 04 Oct 2024 07:16:25 GMT
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:25 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:25 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        9192.168.2.449771216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:25 UTC1124OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 519
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        X-Goog-AuthUser: 0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:25 UTC519OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 32 36 31 38 33 30 37 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728026183073",null,null,null
                        2024-10-04 07:16:25 UTC933INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Set-Cookie: NID=518=TIWgXkivMwb9VSTvI_JrKEUR-9aFANPQdr9fNlYqnS7bynXR9Uop8b2gdndqn676UCetpjK7iNsLMzY3U2vk-qp9VytmW35aUek1KEtGKXtyDkZ3pd-LRDgjW6ZSHqs5-xRhud8XzMsYRlxY7vTZOCjLO3lW-tboXPMl6IbOwalq4Enh4XY; expires=Sat, 05-Apr-2025 07:16:25 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:25 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Expires: Fri, 04 Oct 2024 07:16:25 GMT
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:25 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:25 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        10192.168.2.449740142.250.181.2284436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:25 UTC1017OUTGET /favicon.ico HTTP/1.1
                        Host: www.google.com
                        Connection: keep-alive
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        2024-10-04 07:16:25 UTC705INHTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Cross-Origin-Resource-Policy: cross-origin
                        Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                        Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                        Content-Length: 5430
                        X-Content-Type-Options: nosniff
                        Server: sffe
                        X-XSS-Protection: 0
                        Date: Fri, 04 Oct 2024 06:58:45 GMT
                        Expires: Sat, 12 Oct 2024 06:58:45 GMT
                        Cache-Control: public, max-age=691200
                        Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                        Content-Type: image/x-icon
                        Vary: Accept-Encoding
                        Age: 1060
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close
                        2024-10-04 07:16:25 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                        Data Ascii: h& ( 0.v]X:X:rY
                        2024-10-04 07:16:25 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                        Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                        2024-10-04 07:16:25 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                        Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                        2024-10-04 07:16:25 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                        Data Ascii: BBBBBBF!4I
                        2024-10-04 07:16:25 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                        Data Ascii: $'


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        11192.168.2.449780216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:32 UTC1299OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 1215
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        Content-Type: text/plain;charset=UTF-8
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        X-Goog-AuthUser: 0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: NID=518=TIWgXkivMwb9VSTvI_JrKEUR-9aFANPQdr9fNlYqnS7bynXR9Uop8b2gdndqn676UCetpjK7iNsLMzY3U2vk-qp9VytmW35aUek1KEtGKXtyDkZ3pd-LRDgjW6ZSHqs5-xRhud8XzMsYRlxY7vTZOCjLO3lW-tboXPMl6IbOwalq4Enh4XY
                        2024-10-04 07:16:32 UTC1215OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 38 30 32 36 31 38 31 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1728026181000",null,null,null,
                        2024-10-04 07:16:32 UTC941INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Set-Cookie: NID=518=PPWIcqYCW_f18mPc4m9JCcgoQZ8j8JrMZWP4Zm-guo66XTLDYGAIV8FE5IzhEs_L64poNRWKcrpxdAJg3d7xyQyPyVvsmsQ5K1qwx4qg_2pbQGhkmzJcbw6NLDTxN_F3HLElE86Bj4feLJS5NlCVTblsch_JTeimF2S4RdwiokKC7O4W4uYE8-6iMUE; expires=Sat, 05-Apr-2025 07:16:32 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:32 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Expires: Fri, 04 Oct 2024 07:16:32 GMT
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:32 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:32 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        12192.168.2.449781216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:55 UTC1330OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 1192
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        X-Goog-AuthUser: 0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: NID=518=PPWIcqYCW_f18mPc4m9JCcgoQZ8j8JrMZWP4Zm-guo66XTLDYGAIV8FE5IzhEs_L64poNRWKcrpxdAJg3d7xyQyPyVvsmsQ5K1qwx4qg_2pbQGhkmzJcbw6NLDTxN_F3HLElE86Bj4feLJS5NlCVTblsch_JTeimF2S4RdwiokKC7O4W4uYE8-6iMUE
                        2024-10-04 07:16:55 UTC1192OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 32 36 32 31 34 33 30 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728026214305",null,null,null
                        2024-10-04 07:16:55 UTC523INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:55 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:55 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:55 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        13192.168.2.449783216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:55 UTC1330OUTPOST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 1319
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                        sec-ch-ua-full-version: "117.0.5938.132"
                        sec-ch-ua-platform-version: "10.0.0"
                        X-Goog-AuthUser: 0
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: NID=518=PPWIcqYCW_f18mPc4m9JCcgoQZ8j8JrMZWP4Zm-guo66XTLDYGAIV8FE5IzhEs_L64poNRWKcrpxdAJg3d7xyQyPyVvsmsQ5K1qwx4qg_2pbQGhkmzJcbw6NLDTxN_F3HLElE86Bj4feLJS5NlCVTblsch_JTeimF2S4RdwiokKC7O4W4uYE8-6iMUE
                        2024-10-04 07:16:55 UTC1319OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 38 30 32 36 32 31 34 33 30 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"31",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1728026214307",null,null,null
                        2024-10-04 07:16:55 UTC523INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:55 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:55 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:55 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        14192.168.2.449782216.58.206.464436156C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:55 UTC1290OUTPOST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                        Host: play.google.com
                        Connection: keep-alive
                        Content-Length: 1067
                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                        sec-ch-ua-arch: "x86"
                        sec-ch-ua-full-version: "117.0.5938.132"
                        Content-Type: text/plain;charset=UTF-8
                        sec-ch-ua-platform-version: "10.0.0"
                        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                        sec-ch-ua-bitness: "64"
                        sec-ch-ua-model: ""
                        sec-ch-ua-wow64: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Origin: https://accounts.google.com
                        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                        Sec-Fetch-Site: same-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Referer: https://accounts.google.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: NID=518=PPWIcqYCW_f18mPc4m9JCcgoQZ8j8JrMZWP4Zm-guo66XTLDYGAIV8FE5IzhEs_L64poNRWKcrpxdAJg3d7xyQyPyVvsmsQ5K1qwx4qg_2pbQGhkmzJcbw6NLDTxN_F3HLElE86Bj4feLJS5NlCVTblsch_JTeimF2S4RdwiokKC7O4W4uYE8-6iMUE
                        2024-10-04 07:16:55 UTC1067OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 31 30 30 31 2e 30 36 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30
                        Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20241001.06_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
                        2024-10-04 07:16:55 UTC523INHTTP/1.1 200 OK
                        Access-Control-Allow-Origin: https://accounts.google.com
                        Cross-Origin-Resource-Policy: cross-origin
                        Access-Control-Allow-Credentials: true
                        Access-Control-Allow-Headers: X-Playlog-Web
                        Content-Type: text/plain; charset=UTF-8
                        Date: Fri, 04 Oct 2024 07:16:55 GMT
                        Server: Playlog
                        Cache-Control: private
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2024-10-04 07:16:55 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                        Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                        2024-10-04 07:16:55 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session IDSource IPSource PortDestination IPDestination Port
                        15192.168.2.44978413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:16:59 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:16:59 UTC540INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:16:59 GMT
                        Content-Type: text/plain
                        Content-Length: 218853
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public
                        Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                        ETag: "0x8DCE1521DF74B57"
                        x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071659Z-15767c5fc55lghvzbxktxfqntw0000000by0000000003za1
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:16:59 UTC15844INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                        Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                        2024-10-04 07:17:00 UTC16384INData Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e
                        Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
                        2024-10-04 07:17:00 UTC16384INData Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31
                        Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
                        2024-10-04 07:17:00 UTC16384INData Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20
                        Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                        2024-10-04 07:17:00 UTC16384INData Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f
                        Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                        2024-10-04 07:17:00 UTC16384INData Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a
                        Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                        2024-10-04 07:17:00 UTC16384INData Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63
                        Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                        2024-10-04 07:17:00 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e
                        Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                        2024-10-04 07:17:00 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                        Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                        2024-10-04 07:17:00 UTC16384INData Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                        Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        16192.168.2.449785172.202.163.200443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5D+OsSS+SvN7wGW&MD=2R6SN4p5 HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                        Host: slscr.update.microsoft.com
                        2024-10-04 07:17:00 UTC560INHTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                        MS-CorrelationId: 071469e0-8f78-4719-a56c-80f22fae2e2d
                        MS-RequestId: 9072feb2-feaf-420c-9398-2cdeff270653
                        MS-CV: aViliqqNDku77UQ/.0
                        X-Microsoft-SLSClientCache: 1440
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Fri, 04 Oct 2024 07:16:59 GMT
                        Connection: close
                        Content-Length: 30005
                        2024-10-04 07:17:00 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                        Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                        2024-10-04 07:17:00 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                        Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                        Session IDSource IPSource PortDestination IPDestination Port
                        17192.168.2.44978713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:00 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:00 GMT
                        Content-Type: text/xml
                        Content-Length: 450
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                        ETag: "0x8DC582BD4C869AE"
                        x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071700Z-15767c5fc554w2fgapsyvy8ua00000000bm000000000bvw1
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:00 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                        Session IDSource IPSource PortDestination IPDestination Port
                        18192.168.2.44978913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:00 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:00 GMT
                        Content-Type: text/xml
                        Content-Length: 2160
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                        ETag: "0x8DC582BA3B95D81"
                        x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071700Z-15767c5fc5546rn6ch9zv310e0000000054g0000000069b5
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:00 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        19192.168.2.44979013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:00 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:00 GMT
                        Content-Type: text/xml
                        Content-Length: 408
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                        ETag: "0x8DC582BB56D3AFB"
                        x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071700Z-15767c5fc55852fxfeh7csa2dn0000000c100000000094ke
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:00 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        20192.168.2.44978813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:00 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:00 GMT
                        Content-Type: text/xml
                        Content-Length: 2980
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                        ETag: "0x8DC582BA80D96A1"
                        x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071700Z-15767c5fc55rv8zjq9dg0musxg0000000c9g0000000016d9
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:00 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                        Session IDSource IPSource PortDestination IPDestination Port
                        21192.168.2.44978613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:00 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:00 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:00 GMT
                        Content-Type: text/xml
                        Content-Length: 3788
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                        ETag: "0x8DC582BAC2126A6"
                        x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071700Z-15767c5fc55rv8zjq9dg0musxg0000000c7g0000000043u3
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:00 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                        Session IDSource IPSource PortDestination IPDestination Port
                        22192.168.2.44979413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:01 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:01 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:01 GMT
                        Content-Type: text/xml
                        Content-Length: 632
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                        ETag: "0x8DC582BB6E3779E"
                        x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071701Z-15767c5fc55v7j95gq2uzq37a00000000cd00000000068bd
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:01 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                        Session IDSource IPSource PortDestination IPDestination Port
                        23192.168.2.44979313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:01 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:01 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:01 GMT
                        Content-Type: text/xml
                        Content-Length: 471
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                        ETag: "0x8DC582BB10C598B"
                        x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071701Z-15767c5fc55gq5fmm10nm5qqr80000000cd00000000012gk
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:01 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        24192.168.2.44979513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:01 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:01 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:01 GMT
                        Content-Type: text/xml
                        Content-Length: 467
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                        ETag: "0x8DC582BA6C038BC"
                        x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071701Z-15767c5fc552g4w83buhsr3htc0000000c8g000000002nkn
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:01 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        25192.168.2.44979113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:01 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:01 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:01 GMT
                        Content-Type: text/xml
                        Content-Length: 474
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                        ETag: "0x8DC582B9964B277"
                        x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071701Z-15767c5fc55fdfx81a30vtr1fw0000000ceg000000009k7a
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:01 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        26192.168.2.44979213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:01 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:01 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:01 GMT
                        Content-Type: text/xml
                        Content-Length: 415
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                        ETag: "0x8DC582B9F6F3512"
                        x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071701Z-15767c5fc554wklc0x4mc5pq0w0000000ceg0000000096t8
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:01 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                        Session IDSource IPSource PortDestination IPDestination Port
                        27192.168.2.44980013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:02 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:02 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:02 GMT
                        Content-Type: text/xml
                        Content-Length: 407
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                        ETag: "0x8DC582B9698189B"
                        x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071702Z-15767c5fc5546rn6ch9zv310e0000000051g00000000bnqu
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:02 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        28192.168.2.44979613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:02 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:02 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:02 GMT
                        Content-Type: text/xml
                        Content-Length: 407
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                        ETag: "0x8DC582BBAD04B7B"
                        x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071702Z-15767c5fc55whfstvfw43u8fp40000000c9g000000007kne
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:02 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        29192.168.2.44979713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:02 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:02 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:02 GMT
                        Content-Type: text/xml
                        Content-Length: 486
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                        ETag: "0x8DC582BB344914B"
                        x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071702Z-15767c5fc55ncqdn59ub6rndq00000000bz0000000000znx
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:02 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        30192.168.2.44979813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:02 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:02 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:02 GMT
                        Content-Type: text/xml
                        Content-Length: 427
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                        ETag: "0x8DC582BA310DA18"
                        x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071702Z-15767c5fc55472x4k7dmphmadg0000000bx00000000037r5
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:02 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                        Session IDSource IPSource PortDestination IPDestination Port
                        31192.168.2.44979913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:02 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:02 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:02 GMT
                        Content-Type: text/xml
                        Content-Length: 486
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                        ETag: "0x8DC582B9018290B"
                        x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071702Z-15767c5fc552g4w83buhsr3htc0000000c8g000000002nkx
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:02 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        32192.168.2.44980113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:03 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:03 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:03 GMT
                        Content-Type: text/xml
                        Content-Length: 469
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                        ETag: "0x8DC582BBA701121"
                        x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071703Z-15767c5fc55ncqdn59ub6rndq00000000bzg0000000008e7
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:03 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        33192.168.2.44980213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:03 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:03 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:03 GMT
                        Content-Type: text/xml
                        Content-Length: 415
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                        ETag: "0x8DC582BA41997E3"
                        x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071703Z-15767c5fc55sdcjq8ksxt4n9mc00000001fg0000000070gs
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:03 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                        Session IDSource IPSource PortDestination IPDestination Port
                        34192.168.2.44980313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:03 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:03 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:03 GMT
                        Content-Type: text/xml
                        Content-Length: 477
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                        ETag: "0x8DC582BB8CEAC16"
                        x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071703Z-15767c5fc55tsfp92w7yna557w0000000c400000000097nv
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:03 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        35192.168.2.44980413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:03 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:03 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:03 GMT
                        Content-Type: text/xml
                        Content-Length: 464
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                        ETag: "0x8DC582B97FB6C3C"
                        x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071703Z-15767c5fc552g4w83buhsr3htc0000000c9g0000000019ba
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:03 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                        Session IDSource IPSource PortDestination IPDestination Port
                        36192.168.2.44980513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:03 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:03 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:03 GMT
                        Content-Type: text/xml
                        Content-Length: 494
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                        ETag: "0x8DC582BB7010D66"
                        x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071703Z-15767c5fc55fdfx81a30vtr1fw0000000cfg000000007v0x
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:03 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        37192.168.2.44980713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 472
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                        ETag: "0x8DC582B9DACDF62"
                        x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55rg5b7sh1vuv8t7n0000000cfg000000007pny
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        38192.168.2.44980613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                        ETag: "0x8DC582B9748630E"
                        x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55w69c2zvnrz0gmgw0000000c9g00000000cf45
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        39192.168.2.44980813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 404
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                        ETag: "0x8DC582B9E8EE0F3"
                        x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55ncqdn59ub6rndq00000000byg000000001nw2
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                        Session IDSource IPSource PortDestination IPDestination Port
                        40192.168.2.44981013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 428
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                        ETag: "0x8DC582BAC4F34CA"
                        x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55852fxfeh7csa2dn0000000c5g0000000028me
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                        Session IDSource IPSource PortDestination IPDestination Port
                        41192.168.2.44980913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 468
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                        ETag: "0x8DC582B9C8E04C8"
                        x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55rg5b7sh1vuv8t7n0000000cn000000000113f
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        42192.168.2.44981113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 499
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                        ETag: "0x8DC582B98CEC9F6"
                        x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc55w69c2zvnrz0gmgw0000000ca000000000bn8s
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        43192.168.2.44981213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:04 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:04 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:04 GMT
                        Content-Type: text/xml
                        Content-Length: 415
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                        ETag: "0x8DC582B988EBD12"
                        x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071704Z-15767c5fc5546rn6ch9zv310e00000000530000000009h1a
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:04 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                        Session IDSource IPSource PortDestination IPDestination Port
                        44192.168.2.44981313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                        ETag: "0x8DC582BB32BB5CB"
                        x-ms-request-id: c2ca9d4d-801e-0035-458c-15752a000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55lghvzbxktxfqntw0000000bug000000008q6v
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        45192.168.2.44981513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 494
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                        ETag: "0x8DC582BB8972972"
                        x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55gq5fmm10nm5qqr80000000cag0000000046e4
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        46192.168.2.44981413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 471
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                        ETag: "0x8DC582BB5815C4C"
                        x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55qdcd62bsn50hd6s0000000bx0000000009eyh
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        47192.168.2.44981613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 420
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                        ETag: "0x8DC582B9DAE3EC0"
                        x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55472x4k7dmphmadg0000000bv0000000006g7q
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                        Session IDSource IPSource PortDestination IPDestination Port
                        48192.168.2.44981713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC471INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 472
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                        ETag: "0x8DC582B9D43097E"
                        x-ms-request-id: e9218bc6-701e-005c-6b2d-16bb94000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55rg5b7sh1vuv8t7n0000000ckg000000002uxy
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_MISS
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        49192.168.2.44981813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 427
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                        ETag: "0x8DC582BA909FA21"
                        x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55kg97hfq5uqyxxaw0000000c9g000000001b3q
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                        Session IDSource IPSource PortDestination IPDestination Port
                        50192.168.2.44982013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 423
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                        ETag: "0x8DC582BB7564CE8"
                        x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc552g4w83buhsr3htc0000000c7g000000003vh4
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                        Session IDSource IPSource PortDestination IPDestination Port
                        51192.168.2.44981913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:05 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:05 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:05 GMT
                        Content-Type: text/xml
                        Content-Length: 486
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                        ETag: "0x8DC582B92FCB436"
                        x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071705Z-15767c5fc55n4msds84xh4z67w00000005wg000000005dt9
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:05 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        52192.168.2.44982213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:06 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:06 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:06 GMT
                        Content-Type: text/xml
                        Content-Length: 404
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                        ETag: "0x8DC582B95C61A3C"
                        x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071706Z-15767c5fc55xsgnlxyxy40f4m00000000c2g000000005uvz
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:06 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                        Session IDSource IPSource PortDestination IPDestination Port
                        53192.168.2.44982113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:06 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:06 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:06 GMT
                        Content-Type: text/xml
                        Content-Length: 478
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                        ETag: "0x8DC582B9B233827"
                        x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071706Z-15767c5fc55852fxfeh7csa2dn0000000c4g000000003wcz
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:06 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        54192.168.2.44982313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:06 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:06 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:06 GMT
                        Content-Type: text/xml
                        Content-Length: 468
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                        ETag: "0x8DC582BB046B576"
                        x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071706Z-15767c5fc55ncqdn59ub6rndq00000000bxg000000002z39
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:06 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        55192.168.2.44982513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:06 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:06 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:06 GMT
                        Content-Type: text/xml
                        Content-Length: 479
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                        ETag: "0x8DC582BB7D702D0"
                        x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071706Z-15767c5fc552g4w83buhsr3htc0000000c6g000000005hk8
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:06 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        56192.168.2.44982413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:06 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:06 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:06 GMT
                        Content-Type: text/xml
                        Content-Length: 400
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                        ETag: "0x8DC582BB2D62837"
                        x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071706Z-15767c5fc55852fxfeh7csa2dn0000000c40000000004gbf
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:06 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                        Session IDSource IPSource PortDestination IPDestination Port
                        57192.168.2.44982613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:07 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:07 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:07 GMT
                        Content-Type: text/xml
                        Content-Length: 425
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                        ETag: "0x8DC582BBA25094F"
                        x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071707Z-15767c5fc55lghvzbxktxfqntw0000000bz00000000023hh
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:07 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                        Session IDSource IPSource PortDestination IPDestination Port
                        58192.168.2.44982713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:07 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:07 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:07 GMT
                        Content-Type: text/xml
                        Content-Length: 475
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                        ETag: "0x8DC582BB2BE84FD"
                        x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071707Z-15767c5fc55fdfx81a30vtr1fw0000000cdg00000000bxaw
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:07 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        59192.168.2.44982913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:07 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:07 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:07 GMT
                        Content-Type: text/xml
                        Content-Length: 448
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                        ETag: "0x8DC582BB389F49B"
                        x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071707Z-15767c5fc55gq5fmm10nm5qqr80000000cag0000000046g3
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:07 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                        Session IDSource IPSource PortDestination IPDestination Port
                        60192.168.2.44982813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:07 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:07 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:07 GMT
                        Content-Type: text/xml
                        Content-Length: 491
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                        ETag: "0x8DC582B98B88612"
                        x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071707Z-15767c5fc55qkvj6n60pxm9mbw00000001b0000000005nfn
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:07 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        61192.168.2.44983013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:07 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:07 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:07 GMT
                        Content-Type: text/xml
                        Content-Length: 416
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                        ETag: "0x8DC582BAEA4B445"
                        x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071707Z-15767c5fc552g4w83buhsr3htc0000000c4000000000adce
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:07 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                        Session IDSource IPSource PortDestination IPDestination Port
                        62192.168.2.44983113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 479
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                        ETag: "0x8DC582B989EE75B"
                        x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55xsgnlxyxy40f4m00000000c700000000002cw
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        63192.168.2.44983213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 415
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                        ETag: "0x8DC582BA80D96A1"
                        x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55d6fcl6x6bw8cpdc0000000bz000000000cdud
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                        Session IDSource IPSource PortDestination IPDestination Port
                        64192.168.2.44983513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 477
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                        ETag: "0x8DC582BA54DCC28"
                        x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55lghvzbxktxfqntw0000000bw0000000006eve
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        65192.168.2.44983313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 471
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                        ETag: "0x8DC582B97E6FCDD"
                        x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55jdxmppy6cmd24bn00000004ag00000000abuf
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        66192.168.2.44983413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                        ETag: "0x8DC582B9C710B28"
                        x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55ncqdn59ub6rndq00000000bzg0000000008gd
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        67192.168.2.44983613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                        ETag: "0x8DC582BB7F164C3"
                        x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55tsfp92w7yna557w0000000c3g00000000av4x
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        68192.168.2.44983713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:08 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:08 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:08 GMT
                        Content-Type: text/xml
                        Content-Length: 477
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                        ETag: "0x8DC582BA48B5BDD"
                        x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071708Z-15767c5fc55rg5b7sh1vuv8t7n0000000cm0000000002nmp
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:08 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        69192.168.2.44983813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                        ETag: "0x8DC582B9FF95F80"
                        x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55gq5fmm10nm5qqr80000000c9g000000005scp
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        70192.168.2.44984013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 468
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                        ETag: "0x8DC582BB3EAF226"
                        x-ms-request-id: cce0beff-001e-0082-398c-155880000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55dtdv4d4saq7t47n0000000by0000000007emz
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                        Session IDSource IPSource PortDestination IPDestination Port
                        71192.168.2.44983913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 472
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                        ETag: "0x8DC582BB650C2EC"
                        x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55gq5fmm10nm5qqr80000000cc0000000002n6v
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        72192.168.2.44984213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 411
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                        ETag: "0x8DC582B989AF051"
                        x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc552g4w83buhsr3htc0000000c7g000000003vmt
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        73192.168.2.44984113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 485
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                        ETag: "0x8DC582BB9769355"
                        x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55kg97hfq5uqyxxaw0000000c8g000000002qhn
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        74192.168.2.44984313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 470
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                        ETag: "0x8DC582BBB181F65"
                        x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55rg5b7sh1vuv8t7n0000000cng00000000089b
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        75192.168.2.44984513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 502
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                        ETag: "0x8DC582BB6A0D312"
                        x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55852fxfeh7csa2dn0000000c1g000000008c02
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        76192.168.2.44984413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:09 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:09 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:09 GMT
                        Content-Type: text/xml
                        Content-Length: 427
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                        ETag: "0x8DC582BB556A907"
                        x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071709Z-15767c5fc55lghvzbxktxfqntw0000000bz00000000023n3
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:09 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                        Session IDSource IPSource PortDestination IPDestination Port
                        77192.168.2.44984613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:10 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:10 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:10 GMT
                        Content-Type: text/xml
                        Content-Length: 407
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                        ETag: "0x8DC582B9D30478D"
                        x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071710Z-15767c5fc55xsgnlxyxy40f4m00000000c300000000075ua
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:10 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        78192.168.2.44984713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:10 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:10 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:10 GMT
                        Content-Type: text/xml
                        Content-Length: 474
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                        ETag: "0x8DC582BB3F48DAE"
                        x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071710Z-15767c5fc55jdxmppy6cmd24bn00000004eg000000003zx9
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:10 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        79192.168.2.44984813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:10 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:10 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:10 GMT
                        Content-Type: text/xml
                        Content-Length: 408
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                        ETag: "0x8DC582BB9B6040B"
                        x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071710Z-15767c5fc55fdfx81a30vtr1fw0000000chg000000004vht
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:10 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                        Session IDSource IPSource PortDestination IPDestination Port
                        80192.168.2.44984913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:10 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:10 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:10 GMT
                        Content-Type: text/xml
                        Content-Length: 469
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                        ETag: "0x8DC582BB3CAEBB8"
                        x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071710Z-15767c5fc55sdcjq8ksxt4n9mc00000001fg0000000070rx
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:10 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        81192.168.2.44985013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:10 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:10 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:10 GMT
                        Content-Type: text/xml
                        Content-Length: 416
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                        ETag: "0x8DC582BB5284CCE"
                        x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071710Z-15767c5fc55qdcd62bsn50hd6s0000000by0000000008796
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:10 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                        Session IDSource IPSource PortDestination IPDestination Port
                        82192.168.2.44985113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:11 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:11 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:11 GMT
                        Content-Type: text/xml
                        Content-Length: 472
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                        ETag: "0x8DC582B91EAD002"
                        x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071711Z-15767c5fc55jdxmppy6cmd24bn00000004e0000000004am9
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:11 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        83192.168.2.44985213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:11 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:11 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:11 GMT
                        Content-Type: text/xml
                        Content-Length: 432
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                        ETag: "0x8DC582BAABA2A10"
                        x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071711Z-15767c5fc554wklc0x4mc5pq0w0000000ckg000000002z1h
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:11 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                        Session IDSource IPSource PortDestination IPDestination Port
                        84192.168.2.44985313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:11 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:11 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:11 GMT
                        Content-Type: text/xml
                        Content-Length: 475
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                        ETag: "0x8DC582BBA740822"
                        x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071711Z-15767c5fc554wklc0x4mc5pq0w0000000cdg00000000bssh
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:11 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        85192.168.2.44985413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:11 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:11 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:11 GMT
                        Content-Type: text/xml
                        Content-Length: 427
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                        ETag: "0x8DC582BB464F255"
                        x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071711Z-15767c5fc55dtdv4d4saq7t47n0000000bx0000000008n0m
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:11 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                        Session IDSource IPSource PortDestination IPDestination Port
                        86192.168.2.44985513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:11 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:11 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:11 GMT
                        Content-Type: text/xml
                        Content-Length: 474
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                        ETag: "0x8DC582BA4037B0D"
                        x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071711Z-15767c5fc55gs96cphvgp5f5vc0000000c3000000000626b
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:11 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        87192.168.2.44986013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 174
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                        ETag: "0x8DC582B91D80E15"
                        x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc554wklc0x4mc5pq0w0000000cdg00000000bst7
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                        Session IDSource IPSource PortDestination IPDestination Port
                        88192.168.2.44985913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 468
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                        ETag: "0x8DC582BBA642BF4"
                        x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55lghvzbxktxfqntw0000000bu000000000a045
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        89192.168.2.44985613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 419
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                        ETag: "0x8DC582BA6CF78C8"
                        x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55gs96cphvgp5f5vc0000000c0000000000atbw
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                        Session IDSource IPSource PortDestination IPDestination Port
                        90192.168.2.44985713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 472
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                        ETag: "0x8DC582B984BF177"
                        x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55jdxmppy6cmd24bn00000004dg000000005g8z
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        91192.168.2.44985813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 405
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                        ETag: "0x8DC582B942B6AFF"
                        x-ms-request-id: d59d44fd-601e-003e-698c-153248000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55rv8zjq9dg0musxg0000000c5g000000006avw
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                        Session IDSource IPSource PortDestination IPDestination Port
                        92192.168.2.44986213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 1952
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                        ETag: "0x8DC582B956B0F3D"
                        x-ms-request-id: 1cc30b66-e01e-0071-368c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55qkvj6n60pxm9mbw00000001e0000000001k7e
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                        Session IDSource IPSource PortDestination IPDestination Port
                        93192.168.2.44986413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 501
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                        ETag: "0x8DC582BACFDAACD"
                        x-ms-request-id: 0da9586c-701e-0097-318c-15b8c1000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55ncqdn59ub6rndq00000000bu0000000007vgy
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                        Session IDSource IPSource PortDestination IPDestination Port
                        94192.168.2.44986513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:12 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 2592
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                        ETag: "0x8DC582BB5B890DB"
                        x-ms-request-id: b9a19cb7-401e-0078-068c-154d34000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55qkvj6n60pxm9mbw00000001b0000000005nkp
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:12 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                        Session IDSource IPSource PortDestination IPDestination Port
                        95192.168.2.44986313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:12 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC470INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:12 GMT
                        Content-Type: text/xml
                        Content-Length: 958
                        Connection: close
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                        ETag: "0x8DC582BA0A31B3B"
                        x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071712Z-15767c5fc55n4msds84xh4z67w00000005u0000000009t67
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                        Session IDSource IPSource PortDestination IPDestination Port
                        96192.168.2.44986713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:13 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:13 GMT
                        Content-Type: text/xml
                        Content-Length: 2284
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                        ETag: "0x8DC582BCD58BEEE"
                        x-ms-request-id: 82f8c3b9-c01e-0014-418c-15a6a3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071713Z-15767c5fc552g4w83buhsr3htc0000000c7g000000003vq5
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                        Session IDSource IPSource PortDestination IPDestination Port
                        97192.168.2.44987013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:13 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:13 GMT
                        Content-Type: text/xml
                        Content-Length: 1393
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                        ETag: "0x8DC582BE39DFC9B"
                        x-ms-request-id: 7afec079-601e-000d-468c-152618000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071713Z-15767c5fc55lghvzbxktxfqntw0000000c0g0000000000dr
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                        Session IDSource IPSource PortDestination IPDestination Port
                        98192.168.2.44986813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:13 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:13 GMT
                        Content-Type: text/xml
                        Content-Length: 1393
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                        ETag: "0x8DC582BE3E55B6E"
                        x-ms-request-id: b23951fc-501e-005b-2a8c-15d7f7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071713Z-15767c5fc55fdfx81a30vtr1fw0000000ceg000000009kds
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                        Session IDSource IPSource PortDestination IPDestination Port
                        99192.168.2.44986913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:13 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:13 GMT
                        Content-Type: text/xml
                        Content-Length: 1356
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                        ETag: "0x8DC582BDC681E17"
                        x-ms-request-id: b9a19e00-401e-0078-388c-154d34000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071713Z-15767c5fc554l9xf959gp9cb1s00000006a0000000007w6c
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        100192.168.2.44986613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:13 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:13 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:13 GMT
                        Content-Type: text/xml
                        Content-Length: 3342
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                        ETag: "0x8DC582B927E47E9"
                        x-ms-request-id: 1cc30bd5-e01e-0071-1a8c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071713Z-15767c5fc554w2fgapsyvy8ua00000000br0000000004hg4
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:13 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                        Session IDSource IPSource PortDestination IPDestination Port
                        101192.168.2.44987113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:14 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:14 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:14 GMT
                        Content-Type: text/xml
                        Content-Length: 1356
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                        ETag: "0x8DC582BDF66E42D"
                        x-ms-request-id: 3ef81e2a-f01e-001f-3f8c-155dc8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071714Z-15767c5fc55w69c2zvnrz0gmgw0000000ca000000000bng2
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:14 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        102192.168.2.44987413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:14 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:14 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:14 GMT
                        Content-Type: text/xml
                        Content-Length: 1395
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                        ETag: "0x8DC582BDE12A98D"
                        x-ms-request-id: 1392789d-401e-0047-0e8c-158597000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071714Z-15767c5fc554w2fgapsyvy8ua00000000bt0000000001rny
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:14 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                        Session IDSource IPSource PortDestination IPDestination Port
                        103192.168.2.44987213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:14 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:14 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:14 GMT
                        Content-Type: text/xml
                        Content-Length: 1395
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                        ETag: "0x8DC582BE017CAD3"
                        x-ms-request-id: a68e09c4-f01e-0052-148c-159224000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071714Z-15767c5fc554w2fgapsyvy8ua00000000bmg00000000a835
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:14 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                        Session IDSource IPSource PortDestination IPDestination Port
                        104192.168.2.44987313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:14 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:14 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:14 GMT
                        Content-Type: text/xml
                        Content-Length: 1358
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                        ETag: "0x8DC582BE6431446"
                        x-ms-request-id: 6a90313a-301e-005d-1a8c-15e448000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071714Z-15767c5fc55tsfp92w7yna557w0000000c7g0000000046gm
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:14 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        105192.168.2.44987513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:14 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:14 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:14 GMT
                        Content-Type: text/xml
                        Content-Length: 1358
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                        ETag: "0x8DC582BE022ECC5"
                        x-ms-request-id: a76247f8-001e-00a2-558c-15d4d5000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071714Z-15767c5fc55xsgnlxyxy40f4m00000000c0000000000a5ru
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:14 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        106192.168.2.44987613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:15 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:15 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:15 GMT
                        Content-Type: text/xml
                        Content-Length: 1389
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                        ETag: "0x8DC582BE10A6BC1"
                        x-ms-request-id: 7afec1f8-601e-000d-328c-152618000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071715Z-15767c5fc554l9xf959gp9cb1s00000006cg000000004ahc
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:15 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                        Session IDSource IPSource PortDestination IPDestination Port
                        107192.168.2.44987913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:15 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:15 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:15 GMT
                        Content-Type: text/xml
                        Content-Length: 1368
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                        ETag: "0x8DC582BDDC22447"
                        x-ms-request-id: c825d9ef-901e-007b-278c-15ac50000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071715Z-15767c5fc55rv8zjq9dg0musxg0000000c5g000000006ay8
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:15 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                        Session IDSource IPSource PortDestination IPDestination Port
                        108192.168.2.44987713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:15 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:15 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:15 GMT
                        Content-Type: text/xml
                        Content-Length: 1352
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                        ETag: "0x8DC582BE9DEEE28"
                        x-ms-request-id: 92784c80-801e-002a-088c-1531dc000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071715Z-15767c5fc554w2fgapsyvy8ua00000000brg000000003xk5
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:15 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                        Session IDSource IPSource PortDestination IPDestination Port
                        109192.168.2.44987813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:15 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:15 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:15 GMT
                        Content-Type: text/xml
                        Content-Length: 1405
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                        ETag: "0x8DC582BE12B5C71"
                        x-ms-request-id: 4a217eb8-401e-00a3-218c-158b09000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071715Z-15767c5fc5546rn6ch9zv310e0000000055g00000000562z
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:15 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                        Session IDSource IPSource PortDestination IPDestination Port
                        110192.168.2.44988013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:15 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:15 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:15 GMT
                        Content-Type: text/xml
                        Content-Length: 1401
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                        ETag: "0x8DC582BE055B528"
                        x-ms-request-id: 6a90350a-301e-005d-348c-15e448000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071715Z-15767c5fc55fdfx81a30vtr1fw0000000cfg000000007vrc
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:15 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                        Session IDSource IPSource PortDestination IPDestination Port
                        111192.168.2.44988113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:16 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:16 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:16 GMT
                        Content-Type: text/xml
                        Content-Length: 1364
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                        ETag: "0x8DC582BE1223606"
                        x-ms-request-id: ed356ac5-101e-0046-2b8c-1591b0000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071716Z-15767c5fc55fdfx81a30vtr1fw0000000cg0000000007mgw
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:16 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        112192.168.2.44988413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:16 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:16 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:16 GMT
                        Content-Type: text/xml
                        Content-Length: 1403
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                        ETag: "0x8DC582BDCB4853F"
                        x-ms-request-id: 6ec2e3f4-801e-007b-208c-15e7ab000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071716Z-15767c5fc554wklc0x4mc5pq0w0000000ch0000000004xf3
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:16 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                        Session IDSource IPSource PortDestination IPDestination Port
                        113192.168.2.44988313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:16 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:16 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:16 GMT
                        Content-Type: text/xml
                        Content-Length: 1360
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                        ETag: "0x8DC582BDDEB5124"
                        x-ms-request-id: 29534450-901e-0064-768c-15e8a6000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071716Z-15767c5fc55gq5fmm10nm5qqr80000000c80000000007zd1
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:16 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        114192.168.2.44988213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:16 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:16 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:16 GMT
                        Content-Type: text/xml
                        Content-Length: 1397
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                        ETag: "0x8DC582BE7262739"
                        x-ms-request-id: 76616de5-c01e-0082-6f8c-15af72000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071716Z-15767c5fc552g4w83buhsr3htc0000000c7g000000003vsc
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:16 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                        Session IDSource IPSource PortDestination IPDestination Port
                        115192.168.2.44988513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:16 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:16 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:16 GMT
                        Content-Type: text/xml
                        Content-Length: 1366
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                        ETag: "0x8DC582BDB779FC3"
                        x-ms-request-id: 0da95f5c-701e-0097-318c-15b8c1000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071716Z-15767c5fc55v7j95gq2uzq37a00000000cfg000000002adb
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:16 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                        Session IDSource IPSource PortDestination IPDestination Port
                        116192.168.2.44988813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:17 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:17 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:17 GMT
                        Content-Type: text/xml
                        Content-Length: 1360
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                        ETag: "0x8DC582BDD74D2EC"
                        x-ms-request-id: 8be9c1e7-301e-0052-678c-1565d6000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071717Z-15767c5fc5546rn6ch9zv310e00000000570000000002ud0
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:17 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        117192.168.2.44988713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:17 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:17 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:17 GMT
                        Content-Type: text/xml
                        Content-Length: 1397
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                        ETag: "0x8DC582BDFD43C07"
                        x-ms-request-id: 704395e8-201e-005d-718c-15afb3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071717Z-15767c5fc55w69c2zvnrz0gmgw0000000ceg000000003tqx
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:17 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                        Session IDSource IPSource PortDestination IPDestination Port
                        118192.168.2.44988913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:17 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:17 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:17 GMT
                        Content-Type: text/xml
                        Content-Length: 1427
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                        ETag: "0x8DC582BE56F6873"
                        x-ms-request-id: dc68e902-201e-006e-0d8c-15bbe3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071717Z-15767c5fc55rg5b7sh1vuv8t7n0000000cdg00000000be5z
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:17 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                        Session IDSource IPSource PortDestination IPDestination Port
                        119192.168.2.44989013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:17 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:17 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:17 GMT
                        Content-Type: text/xml
                        Content-Length: 1390
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                        ETag: "0x8DC582BE3002601"
                        x-ms-request-id: 21dfe39b-001e-0049-468c-155bd5000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071717Z-15767c5fc55gq5fmm10nm5qqr80000000cbg000000002wvr
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:17 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                        Session IDSource IPSource PortDestination IPDestination Port
                        120192.168.2.44989113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:17 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:17 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:17 GMT
                        Content-Type: text/xml
                        Content-Length: 1401
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                        ETag: "0x8DC582BE2A9D541"
                        x-ms-request-id: 82f8cc24-c01e-0014-3a8c-15a6a3000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071717Z-15767c5fc552g4w83buhsr3htc0000000c500000000089x7
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:17 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                        Session IDSource IPSource PortDestination IPDestination Port
                        121192.168.2.44989513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:18 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1403
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                        ETag: "0x8DC582BDCDD6400"
                        x-ms-request-id: 819d4321-f01e-0020-6e8c-15956b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55whfstvfw43u8fp40000000c7g00000000agta
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:18 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                        Session IDSource IPSource PortDestination IPDestination Port
                        122192.168.2.44989413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:18 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1354
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                        ETag: "0x8DC582BE0662D7C"
                        x-ms-request-id: 76253f94-c01e-0066-328c-15a1ec000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55ncqdn59ub6rndq00000000bs000000000c4fn
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:18 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                        Session IDSource IPSource PortDestination IPDestination Port
                        123192.168.2.44989213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:18 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1364
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                        ETag: "0x8DC582BEB6AD293"
                        x-ms-request-id: ba3c7a68-301e-0099-698c-156683000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55472x4k7dmphmadg0000000bs000000000bg1t
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:18 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        124192.168.2.44989313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:18 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1391
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                        ETag: "0x8DC582BDF58DC7E"
                        x-ms-request-id: 023e591f-a01e-003d-618c-1598d7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55rg5b7sh1vuv8t7n0000000cn00000000011cx
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:18 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                        Session IDSource IPSource PortDestination IPDestination Port
                        125192.168.2.44989613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:18 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1366
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                        ETag: "0x8DC582BDF1E2608"
                        x-ms-request-id: fb0d4061-601e-0050-198c-152c9c000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc5546rn6ch9zv310e00000000580000000001fac
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:18 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                        Session IDSource IPSource PortDestination IPDestination Port
                        126192.168.2.44990113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1403
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                        ETag: "0x8DC582BDC2EEE03"
                        x-ms-request-id: 89fd357a-501e-008f-758c-159054000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55852fxfeh7csa2dn0000000c40000000004gm1
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                        Session IDSource IPSource PortDestination IPDestination Port
                        127192.168.2.44989913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1399
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                        ETag: "0x8DC582BE1CC18CD"
                        x-ms-request-id: a68e0dd8-f01e-0052-1d8c-159224000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55ncqdn59ub6rndq00000000bxg000000002z8t
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                        Session IDSource IPSource PortDestination IPDestination Port
                        128192.168.2.44989713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1362
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                        ETag: "0x8DC582BDF497570"
                        x-ms-request-id: 7585955c-001e-000b-518c-1515a7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc554w2fgapsyvy8ua00000000br0000000004hka
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        129192.168.2.44990013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1366
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                        ETag: "0x8DC582BEA414B16"
                        x-ms-request-id: a7582d38-101e-0028-528c-158f64000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc55sdcjq8ksxt4n9mc00000001hg000000003qm0
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                        Session IDSource IPSource PortDestination IPDestination Port
                        130192.168.2.44989813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:18 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:18 GMT
                        Content-Type: text/xml
                        Content-Length: 1399
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                        ETag: "0x8DC582BE8C605FF"
                        x-ms-request-id: 831f1653-b01e-0098-198c-15cead000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071718Z-15767c5fc552g4w83buhsr3htc0000000c80000000003ckp
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                        Session IDSource IPSource PortDestination IPDestination Port
                        131192.168.2.44990213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:19 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:19 GMT
                        Content-Type: text/xml
                        Content-Length: 1362
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                        ETag: "0x8DC582BEB256F43"
                        x-ms-request-id: 757cff4f-401e-000a-528c-154a7b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071719Z-15767c5fc55gq5fmm10nm5qqr80000000cag0000000046tb
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        132192.168.2.44990313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:19 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:19 GMT
                        Content-Type: text/xml
                        Content-Length: 1403
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                        ETag: "0x8DC582BEB866CDB"
                        x-ms-request-id: b2395a75-501e-005b-038c-15d7f7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071719Z-15767c5fc55kg97hfq5uqyxxaw0000000c800000000031e3
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                        Session IDSource IPSource PortDestination IPDestination Port
                        133192.168.2.44990413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:19 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:19 GMT
                        Content-Type: text/xml
                        Content-Length: 1366
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                        ETag: "0x8DC582BE5B7B174"
                        x-ms-request-id: 9bed7ce1-001e-0046-4f8c-15da4b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071719Z-15767c5fc554w2fgapsyvy8ua00000000bpg000000006ac0
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                        Session IDSource IPSource PortDestination IPDestination Port
                        134192.168.2.44990513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:19 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:19 GMT
                        Content-Type: text/xml
                        Content-Length: 1399
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                        ETag: "0x8DC582BE976026E"
                        x-ms-request-id: 7baaa16d-b01e-0097-4d8c-154f33000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071719Z-15767c5fc55ncqdn59ub6rndq00000000bwg000000004nd6
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                        Session IDSource IPSource PortDestination IPDestination Port
                        135192.168.2.44990613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:19 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:19 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:19 GMT
                        Content-Type: text/xml
                        Content-Length: 1362
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                        ETag: "0x8DC582BDC13EFEF"
                        x-ms-request-id: 819d44cb-f01e-0020-6f8c-15956b000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071719Z-15767c5fc55rv8zjq9dg0musxg0000000c600000000069fq
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:19 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                        Session IDSource IPSource PortDestination IPDestination Port
                        136192.168.2.44990813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:20 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:20 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:20 GMT
                        Content-Type: text/xml
                        Content-Length: 1388
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                        ETag: "0x8DC582BDBD9126E"
                        x-ms-request-id: 9c5056bf-f01e-0003-548c-154453000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071720Z-15767c5fc55sdcjq8ksxt4n9mc00000001kg000000002cq6
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:20 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                        Session IDSource IPSource PortDestination IPDestination Port
                        137192.168.2.44990713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:20 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:20 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:20 GMT
                        Content-Type: text/xml
                        Content-Length: 1425
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                        ETag: "0x8DC582BE6BD89A1"
                        x-ms-request-id: 89fd37a1-501e-008f-6d8c-159054000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071720Z-15767c5fc55ncqdn59ub6rndq00000000bv0000000006hy5
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:20 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                        Session IDSource IPSource PortDestination IPDestination Port
                        138192.168.2.44991113.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:20 UTC192OUTGET /rules/rule700501v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:20 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:20 GMT
                        Content-Type: text/xml
                        Content-Length: 1405
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                        ETag: "0x8DC582BE89A8F82"
                        x-ms-request-id: 56c891cb-f01e-0085-428c-1588ea000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071720Z-15767c5fc554l9xf959gp9cb1s00000006cg000000004an1
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:20 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                        Session IDSource IPSource PortDestination IPDestination Port
                        139192.168.2.44990913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:20 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:20 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:20 GMT
                        Content-Type: text/xml
                        Content-Length: 1415
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                        ETag: "0x8DC582BE7C66E85"
                        x-ms-request-id: 42bb1403-701e-005c-578c-15bb94000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071720Z-15767c5fc55d6fcl6x6bw8cpdc0000000bz000000000ce4d
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:20 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                        Session IDSource IPSource PortDestination IPDestination Port
                        140192.168.2.44991013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:20 UTC192OUTGET /rules/rule702500v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:20 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:20 GMT
                        Content-Type: text/xml
                        Content-Length: 1378
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                        ETag: "0x8DC582BDB813B3F"
                        x-ms-request-id: be019976-401e-0035-5d8c-1582d8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071720Z-15767c5fc5546rn6ch9zv310e00000000560000000004f9h
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:20 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        141192.168.2.44991413.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:21 UTC192OUTGET /rules/rule700500v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:21 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:21 GMT
                        Content-Type: text/xml
                        Content-Length: 1368
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                        ETag: "0x8DC582BE51CE7B3"
                        x-ms-request-id: 2f845d93-b01e-0070-2f8c-151cc0000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071721Z-15767c5fc55ncqdn59ub6rndq00000000bvg0000000064m4
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:21 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                        Session IDSource IPSource PortDestination IPDestination Port
                        142192.168.2.44991213.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:21 UTC192OUTGET /rules/rule702551v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:21 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:21 GMT
                        Content-Type: text/xml
                        Content-Length: 1415
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                        ETag: "0x8DC582BDCE9703A"
                        x-ms-request-id: 5f7380a8-801e-0015-7b8c-15f97f000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071721Z-15767c5fc55whfstvfw43u8fp40000000c6000000000d8c0
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:21 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                        Session IDSource IPSource PortDestination IPDestination Port
                        143192.168.2.44991513.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:21 UTC192OUTGET /rules/rule702550v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:21 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:21 GMT
                        Content-Type: text/xml
                        Content-Length: 1378
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                        ETag: "0x8DC582BE584C214"
                        x-ms-request-id: b612907a-401e-008c-278c-1586c2000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071721Z-15767c5fc55jdxmppy6cmd24bn00000004hg000000000344
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:21 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                        Session IDSource IPSource PortDestination IPDestination Port
                        144192.168.2.44991613.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:21 UTC192OUTGET /rules/rule701350v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:21 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:21 GMT
                        Content-Type: text/xml
                        Content-Length: 1370
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                        ETag: "0x8DC582BDE62E0AB"
                        x-ms-request-id: be019a9f-401e-0035-518c-1582d8000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071721Z-15767c5fc55gs96cphvgp5f5vc0000000c5000000000378x
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:21 UTC1370INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                        Session IDSource IPSource PortDestination IPDestination Port
                        145192.168.2.44991313.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:21 UTC192OUTGET /rules/rule701351v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:21 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:21 GMT
                        Content-Type: text/xml
                        Content-Length: 1407
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                        ETag: "0x8DC582BE687B46A"
                        x-ms-request-id: 2d1829d7-b01e-001e-738c-150214000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071721Z-15767c5fc55852fxfeh7csa2dn0000000c60000000001pnt
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:21 UTC1407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                        Session IDSource IPSource PortDestination IPDestination Port
                        146192.168.2.44991713.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:22 UTC192OUTGET /rules/rule702151v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:22 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:22 GMT
                        Content-Type: text/xml
                        Content-Length: 1397
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                        ETag: "0x8DC582BE156D2EE"
                        x-ms-request-id: 36a1620f-001e-0028-0f8c-15c49f000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071722Z-15767c5fc55ncqdn59ub6rndq00000000bzg0000000008s8
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:22 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                        Session IDSource IPSource PortDestination IPDestination Port
                        147192.168.2.44991913.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:22 UTC192OUTGET /rules/rule703001v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:22 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:22 GMT
                        Content-Type: text/xml
                        Content-Length: 1406
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                        ETag: "0x8DC582BEB16F27E"
                        x-ms-request-id: 4b0a4db7-c01e-00ad-2d8c-15a2b9000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071722Z-15767c5fc55qkvj6n60pxm9mbw00000001eg000000000zfy
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:22 UTC1406INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                        Session IDSource IPSource PortDestination IPDestination Port
                        148192.168.2.44992013.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:22 UTC192OUTGET /rules/rule703000v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:22 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:22 GMT
                        Content-Type: text/xml
                        Content-Length: 1369
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                        ETag: "0x8DC582BE32FE1A2"
                        x-ms-request-id: 1cc313a1-e01e-0071-4b8c-1508e7000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071722Z-15767c5fc55gq5fmm10nm5qqr80000000cbg000000002wyf
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:22 UTC1369INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                        Session IDSource IPSource PortDestination IPDestination Port
                        149192.168.2.44991813.107.246.45443
                        TimestampBytes transferredDirectionData
                        2024-10-04 07:17:22 UTC192OUTGET /rules/rule702150v1s19.xml HTTP/1.1
                        Connection: Keep-Alive
                        Accept-Encoding: gzip
                        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                        Host: otelrules.azureedge.net
                        2024-10-04 07:17:22 UTC563INHTTP/1.1 200 OK
                        Date: Fri, 04 Oct 2024 07:17:22 GMT
                        Content-Type: text/xml
                        Content-Length: 1360
                        Connection: close
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Vary: Accept-Encoding
                        Cache-Control: public, max-age=604800, immutable
                        Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                        ETag: "0x8DC582BEDC8193E"
                        x-ms-request-id: e360128a-801e-0083-498c-15f0ae000000
                        x-ms-version: 2018-03-28
                        x-azure-ref: 20241004T071722Z-15767c5fc554w2fgapsyvy8ua00000000btg0000000012pa
                        x-fd-int-roxy-purgeid: 0
                        X-Cache: TCP_HIT
                        Accept-Ranges: bytes
                        2024-10-04 07:17:22 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                        Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:03:16:06
                        Start date:04/10/2024
                        Path:C:\Users\user\Desktop\file.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\file.exe"
                        Imagebase:0xfc0000
                        File size:919'040 bytes
                        MD5 hash:7C48AC18B5F61D158935BAA710AEF543
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:1
                        Start time:03:16:06
                        Start date:04/10/2024
                        Path:C:\Windows\SysWOW64\taskkill.exe
                        Wow64 process (32bit):true
                        Commandline:taskkill /F /IM chrome.exe /T
                        Imagebase:0xd50000
                        File size:74'240 bytes
                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:2
                        Start time:03:16:06
                        Start date:04/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:4
                        Start time:03:16:06
                        Start date:04/10/2024
                        Path:C:\Windows\SysWOW64\taskkill.exe
                        Wow64 process (32bit):true
                        Commandline:taskkill /F /IM msedge.exe /T
                        Imagebase:0xd50000
                        File size:74'240 bytes
                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:5
                        Start time:03:16:07
                        Start date:04/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:6
                        Start time:03:16:07
                        Start date:04/10/2024
                        Path:C:\Windows\SysWOW64\taskkill.exe
                        Wow64 process (32bit):true
                        Commandline:taskkill /F /IM firefox.exe /T
                        Imagebase:0xd50000
                        File size:74'240 bytes
                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:7
                        Start time:03:16:07
                        Start date:04/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:8
                        Start time:03:16:07
                        Start date:04/10/2024
                        Path:C:\Windows\SysWOW64\taskkill.exe
                        Wow64 process (32bit):true
                        Commandline:taskkill /F /IM opera.exe /T
                        Imagebase:0xd50000
                        File size:74'240 bytes
                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:9
                        Start time:03:16:07
                        Start date:04/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:10
                        Start time:03:16:08
                        Start date:04/10/2024
                        Path:C:\Windows\SysWOW64\taskkill.exe
                        Wow64 process (32bit):true
                        Commandline:taskkill /F /IM brave.exe /T
                        Imagebase:0xd50000
                        File size:74'240 bytes
                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        General

                        Target ID:11
                        Start time:03:16:08
                        Start date:04/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:12
                        Start time:03:16:09
                        Start date:04/10/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
                        Imagebase:0x7ff76e190000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        General

                        Target ID:14
                        Start time:03:16:10
                        Start date:04/10/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
                        Imagebase:0x7ff76e190000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:false

                        General

                        Target ID:18
                        Start time:03:16:23
                        Start date:04/10/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
                        Imagebase:0x7ff76e190000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:false

                        General

                        Target ID:19
                        Start time:03:16:23
                        Start date:04/10/2024
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1948,i,6862417218715387766,16326282571381455219,262144 /prefetch:8
                        Imagebase:0x7ff76e190000
                        File size:3'242'272 bytes
                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Disassembly

                        Reset < >

                          Execution Graph

                          Execution Coverage:2.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:4.5%
                          Total number of Nodes:1631
                          Total number of Limit Nodes:51
                          execution_graph 94665 fcdddc 94668 fcb710 94665->94668 94669 fcb72b 94668->94669 94670 1010146 94669->94670 94671 10100f8 94669->94671 94694 fcb750 94669->94694 94734 10458a2 349 API calls 2 library calls 94670->94734 94674 1010102 94671->94674 94677 101010f 94671->94677 94671->94694 94732 1045d33 349 API calls 94674->94732 94695 fcba20 94677->94695 94733 10461d0 349 API calls 2 library calls 94677->94733 94680 10103d9 94680->94680 94682 fcbbe0 40 API calls 94682->94694 94684 fdd336 40 API calls 94684->94694 94686 fcba4e 94687 1010322 94747 1045c0c 82 API calls 94687->94747 94694->94682 94694->94684 94694->94686 94694->94687 94694->94695 94699 fcec40 94694->94699 94723 fca81b 41 API calls 94694->94723 94724 fdd2f0 40 API calls 94694->94724 94725 fda01b 349 API calls 94694->94725 94726 fe0242 5 API calls __Init_thread_wait 94694->94726 94727 fdedcd 22 API calls 94694->94727 94728 fe00a3 29 API calls __onexit 94694->94728 94729 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94694->94729 94730 fdee53 82 API calls 94694->94730 94731 fde5ca 349 API calls 94694->94731 94735 fcaceb 94694->94735 94745 101f6bf 23 API calls 94694->94745 94746 fca8c7 22 API calls __fread_nolock 94694->94746 94695->94686 94748 103359c 82 API calls __wsopen_s 94695->94748 94721 fcec76 ISource 94699->94721 94700 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 94700->94721 94701 fdfddb 22 API calls 94701->94721 94703 fcfef7 94716 fced9d ISource 94703->94716 94752 fca8c7 22 API calls __fread_nolock 94703->94752 94705 1014b0b 94754 103359c 82 API calls __wsopen_s 94705->94754 94706 1014600 94706->94716 94751 fca8c7 22 API calls __fread_nolock 94706->94751 94710 fca8c7 22 API calls 94710->94721 94713 fe0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94713->94721 94714 fcfbe3 94714->94716 94718 1014bdc 94714->94718 94722 fcf3ae ISource 94714->94722 94715 fca961 22 API calls 94715->94721 94716->94694 94717 fe00a3 29 API calls pre_c_initialization 94717->94721 94755 103359c 82 API calls __wsopen_s 94718->94755 94720 1014beb 94756 103359c 82 API calls __wsopen_s 94720->94756 94721->94700 94721->94701 94721->94703 94721->94705 94721->94706 94721->94710 94721->94713 94721->94714 94721->94715 94721->94716 94721->94717 94721->94720 94721->94722 94749 fd01e0 349 API calls 2 library calls 94721->94749 94750 fd06a0 41 API calls ISource 94721->94750 94722->94716 94753 103359c 82 API calls __wsopen_s 94722->94753 94723->94694 94724->94694 94725->94694 94726->94694 94727->94694 94728->94694 94729->94694 94730->94694 94731->94694 94732->94677 94733->94695 94734->94694 94736 fcacf9 94735->94736 94744 fcad2a ISource 94735->94744 94737 fcad55 94736->94737 94738 fcad01 ISource 94736->94738 94737->94744 94757 fca8c7 22 API calls __fread_nolock 94737->94757 94740 100fa48 94738->94740 94741 fcad21 94738->94741 94738->94744 94740->94744 94758 fdce17 22 API calls ISource 94740->94758 94742 100fa3a VariantClear 94741->94742 94741->94744 94742->94744 94744->94694 94745->94694 94746->94694 94747->94695 94748->94680 94749->94721 94750->94721 94751->94716 94752->94716 94753->94716 94754->94716 94755->94720 94756->94716 94757->94744 94758->94744 94759 1012a00 94760 fcd7b0 ISource 94759->94760 94761 fcdb11 PeekMessageW 94760->94761 94762 fcd807 GetInputState 94760->94762 94763 1011cbe TranslateAcceleratorW 94760->94763 94765 fcdb8f PeekMessageW 94760->94765 94766 fcda04 timeGetTime 94760->94766 94767 fcdb73 TranslateMessage DispatchMessageW 94760->94767 94768 fcdbaf Sleep 94760->94768 94769 1012b74 Sleep 94760->94769 94772 1011dda timeGetTime 94760->94772 94778 10529bf GetForegroundWindow 94760->94778 94780 fcd9d5 94760->94780 94781 1012aea 94760->94781 94787 fcec40 349 API calls 94760->94787 94791 fcdd50 94760->94791 94798 fd1310 94760->94798 94853 fcbf40 94760->94853 94911 fdedf6 94760->94911 94916 fcdfd0 349 API calls 3 library calls 94760->94916 94917 fde551 timeGetTime 94760->94917 94919 1033a2a 23 API calls 94760->94919 94920 103359c 82 API calls __wsopen_s 94760->94920 94761->94760 94762->94760 94762->94761 94763->94760 94765->94760 94766->94760 94767->94765 94768->94760 94769->94781 94918 fde300 23 API calls 94772->94918 94775 1012c0b GetExitCodeProcess 94776 1012c21 WaitForSingleObject 94775->94776 94777 1012c37 CloseHandle 94775->94777 94776->94760 94776->94777 94777->94781 94778->94760 94781->94760 94781->94775 94781->94780 94782 1012ca9 Sleep 94781->94782 94921 1045658 23 API calls 94781->94921 94922 102e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 94781->94922 94923 fde551 timeGetTime 94781->94923 94924 102d4dc 47 API calls 94781->94924 94782->94760 94787->94760 94792 fcdd6f 94791->94792 94793 fcdd83 94791->94793 94925 fcd260 94792->94925 94957 103359c 82 API calls __wsopen_s 94793->94957 94795 fcdd7a 94795->94760 94797 1012f75 94797->94797 94799 fd1376 94798->94799 94800 fd17b0 94798->94800 94802 1016331 94799->94802 94804 fd1940 9 API calls 94799->94804 95058 fe0242 5 API calls __Init_thread_wait 94800->95058 95068 104709c 349 API calls 94802->95068 94803 fd17ba 94812 fd17fb 94803->94812 95059 fc9cb3 94803->95059 94806 fd13a0 94804->94806 94809 fd1940 9 API calls 94806->94809 94807 101633d 94807->94760 94810 fd13b6 94809->94810 94811 fd13ec 94810->94811 94810->94812 94814 1016346 94811->94814 94837 fd1408 __fread_nolock 94811->94837 94813 fd182c 94812->94813 94812->94814 94816 fcaceb 23 API calls 94813->94816 95069 103359c 82 API calls __wsopen_s 94814->95069 94815 fd17d4 95065 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94815->95065 94818 fd1839 94816->94818 95066 fdd217 349 API calls 94818->95066 94821 101636e 95070 103359c 82 API calls __wsopen_s 94821->95070 94822 fd152f 94824 10163d1 94822->94824 94825 fd153c 94822->94825 95072 1045745 54 API calls _wcslen 94824->95072 94827 fd1940 9 API calls 94825->94827 94829 fd1549 94827->94829 94828 fdfddb 22 API calls 94828->94837 94832 fd1940 9 API calls 94829->94832 94844 fd15c7 ISource 94829->94844 94830 fd1872 94830->94802 95067 fdfaeb 23 API calls 94830->95067 94831 fdfe0b 22 API calls 94831->94837 94841 fd1563 94832->94841 94833 fd171d 94833->94760 94836 fcec40 349 API calls 94836->94837 94837->94818 94837->94821 94837->94822 94837->94828 94837->94831 94837->94836 94839 10163b2 94837->94839 94837->94844 94838 fd167b ISource 94838->94833 95057 fdce17 22 API calls ISource 94838->95057 95071 103359c 82 API calls __wsopen_s 94839->95071 94841->94844 95073 fca8c7 22 API calls __fread_nolock 94841->95073 94844->94830 94844->94838 95000 fd1940 94844->95000 95010 104a67c CreateToolhelp32Snapshot Process32FirstW 94844->95010 95030 10519bc 94844->95030 95033 10529bf 94844->95033 95037 fdf645 94844->95037 95044 1035c5a 94844->95044 95049 104ab67 94844->95049 95052 104abf7 94844->95052 95074 103359c 82 API calls __wsopen_s 94844->95074 95387 fcadf0 94853->95387 94855 fcbf9d 94856 fcbfa9 94855->94856 94857 10104b6 94855->94857 94859 fcc01e 94856->94859 94860 10104c6 94856->94860 95405 103359c 82 API calls __wsopen_s 94857->95405 95392 fcac91 94859->95392 95406 103359c 82 API calls __wsopen_s 94860->95406 94863 10104f5 94864 101055a 94863->94864 95407 fdd217 349 API calls 94863->95407 94898 fcc603 94864->94898 95408 103359c 82 API calls __wsopen_s 94864->95408 94865 fcc7da 94870 fdfe0b 22 API calls 94865->94870 94867 fcc039 ISource __fread_nolock 94867->94863 94867->94864 94867->94865 94874 fdfddb 22 API calls 94867->94874 94875 fcec40 349 API calls 94867->94875 94876 1027120 22 API calls 94867->94876 94877 101091a 94867->94877 94879 fcaf8a 22 API calls 94867->94879 94882 fcc808 __fread_nolock 94867->94882 94883 10108a5 94867->94883 94887 1010591 94867->94887 94888 10108f6 94867->94888 94893 fcbbe0 40 API calls 94867->94893 94894 fcaceb 23 API calls 94867->94894 94895 fcc237 94867->94895 94867->94898 94904 10109bf 94867->94904 94909 fdfe0b 22 API calls 94867->94909 95396 fcad81 94867->95396 95410 1027099 22 API calls __fread_nolock 94867->95410 95411 1045745 54 API calls _wcslen 94867->95411 95412 fdaa42 22 API calls ISource 94867->95412 95413 102f05c 40 API calls 94867->95413 95414 fca993 41 API calls 94867->95414 94870->94882 94874->94867 94875->94867 94876->94867 95417 1033209 23 API calls 94877->95417 94878 fdfe0b 22 API calls 94908 fcc350 ISource __fread_nolock 94878->94908 94879->94867 94882->94878 94884 fcec40 349 API calls 94883->94884 94886 10108cf 94884->94886 94886->94898 95415 fca81b 41 API calls 94886->95415 95409 103359c 82 API calls __wsopen_s 94887->95409 95416 103359c 82 API calls __wsopen_s 94888->95416 94893->94867 94894->94867 94896 fcc253 94895->94896 95418 fca8c7 22 API calls __fread_nolock 94895->95418 94899 1010976 94896->94899 94902 fcc297 ISource 94896->94902 94898->94760 94901 fcaceb 23 API calls 94899->94901 94901->94904 94903 fcaceb 23 API calls 94902->94903 94902->94904 94905 fcc335 94903->94905 94904->94898 95419 103359c 82 API calls __wsopen_s 94904->95419 94905->94904 94906 fcc342 94905->94906 95403 fca704 22 API calls ISource 94906->95403 94910 fcc3ac 94908->94910 95404 fdce17 22 API calls ISource 94908->95404 94909->94867 94910->94760 94913 fdee09 94911->94913 94915 fdee12 94911->94915 94912 fdee36 IsDialogMessageW 94912->94913 94912->94915 94913->94760 94914 101efaf GetClassLongW 94914->94912 94914->94915 94915->94912 94915->94913 94915->94914 94916->94760 94917->94760 94918->94760 94919->94760 94920->94760 94921->94781 94922->94781 94923->94781 94924->94781 94926 fcec40 349 API calls 94925->94926 94945 fcd29d 94926->94945 94927 1011bc4 94984 103359c 82 API calls __wsopen_s 94927->94984 94929 fcd30b ISource 94929->94795 94930 fcd6d5 94930->94929 94939 fdfe0b 22 API calls 94930->94939 94931 fcd3c3 94931->94930 94933 fcd3ce 94931->94933 94932 fcd5ff 94935 1011bb5 94932->94935 94936 fcd614 94932->94936 94958 fdfddb 94933->94958 94983 1045705 23 API calls 94935->94983 94942 fdfddb 22 API calls 94936->94942 94937 fcd4b8 94969 fdfe0b 94937->94969 94938 fdfddb 22 API calls 94938->94945 94940 fcd3d5 __fread_nolock 94939->94940 94944 fdfddb 22 API calls 94940->94944 94946 fcd3f6 94940->94946 94949 fcd46a 94942->94949 94944->94946 94945->94927 94945->94929 94945->94930 94945->94931 94945->94937 94945->94938 94952 fcd429 ISource __fread_nolock 94945->94952 94946->94952 94968 fcbec0 349 API calls 94946->94968 94948 1011ba4 94982 103359c 82 API calls __wsopen_s 94948->94982 94949->94795 94952->94932 94952->94948 94952->94949 94953 1011b7f 94952->94953 94955 1011b5d 94952->94955 94979 fc1f6f 349 API calls 94952->94979 94981 103359c 82 API calls __wsopen_s 94953->94981 94980 103359c 82 API calls __wsopen_s 94955->94980 94957->94797 94961 fdfde0 94958->94961 94960 fdfdfa 94960->94940 94961->94960 94963 fdfdfc 94961->94963 94985 feea0c 94961->94985 94992 fe4ead 7 API calls 2 library calls 94961->94992 94964 fe066d 94963->94964 94993 fe32a4 RaiseException 94963->94993 94994 fe32a4 RaiseException 94964->94994 94967 fe068a 94967->94940 94968->94952 94971 fdfddb 94969->94971 94970 feea0c ___std_exception_copy 21 API calls 94970->94971 94971->94970 94972 fdfdfa 94971->94972 94975 fdfdfc 94971->94975 94997 fe4ead 7 API calls 2 library calls 94971->94997 94972->94952 94974 fe066d 94999 fe32a4 RaiseException 94974->94999 94975->94974 94998 fe32a4 RaiseException 94975->94998 94978 fe068a 94978->94952 94979->94952 94980->94949 94981->94949 94982->94949 94983->94927 94984->94929 94991 ff3820 __dosmaperr 94985->94991 94986 ff385e 94996 fef2d9 20 API calls __dosmaperr 94986->94996 94988 ff3849 RtlAllocateHeap 94989 ff385c 94988->94989 94988->94991 94989->94961 94991->94986 94991->94988 94995 fe4ead 7 API calls 2 library calls 94991->94995 94992->94961 94993->94964 94994->94967 94995->94991 94996->94989 94997->94971 94998->94974 94999->94978 95001 fd195d 95000->95001 95002 fd1981 95000->95002 95009 fd196e 95001->95009 95077 fe0242 5 API calls __Init_thread_wait 95001->95077 95075 fe0242 5 API calls __Init_thread_wait 95002->95075 95005 fd198b 95005->95001 95076 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95005->95076 95007 fd8727 95007->95009 95078 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95007->95078 95009->94844 95014 104a6c3 95010->95014 95011 fca961 22 API calls 95011->95014 95012 fc9cb3 22 API calls 95012->95014 95014->95011 95014->95012 95019 104a796 Process32NextW 95014->95019 95079 fc525f 95014->95079 95121 fc6350 95014->95121 95136 fc7510 95014->95136 95159 fdce60 41 API calls 95014->95159 95160 104b574 22 API calls __fread_nolock 95014->95160 95019->95014 95020 104a7aa CloseHandle 95019->95020 95130 fc63eb 95020->95130 95024 104a7cd 95162 fd04f0 22 API calls 95024->95162 95026 104a87d 95026->94844 95028 fd04f0 22 API calls 95029 104a7d9 95028->95029 95029->95026 95029->95028 95163 fc62b5 22 API calls 95029->95163 95243 1052ad8 95030->95243 95032 10519cb 95032->94844 95034 10529cb 95033->95034 95035 1052a01 GetForegroundWindow 95034->95035 95036 10529d1 95034->95036 95035->95036 95036->94844 95254 fcb567 95037->95254 95039 fdf659 95040 fdf661 timeGetTime 95039->95040 95041 101f2dc Sleep 95039->95041 95042 fcb567 39 API calls 95040->95042 95043 fdf677 95042->95043 95043->94844 95045 fc7510 53 API calls 95044->95045 95046 1035c6d 95045->95046 95260 102dbbe lstrlenW 95046->95260 95048 1035c77 95048->94844 95265 104aff9 95049->95265 95053 104aff9 217 API calls 95052->95053 95055 104ac0c 95053->95055 95054 104ac54 95054->94844 95055->95054 95056 fcaceb 23 API calls 95055->95056 95056->95054 95057->94838 95058->94803 95060 fc9cc2 _wcslen 95059->95060 95061 fdfe0b 22 API calls 95060->95061 95062 fc9cea __fread_nolock 95061->95062 95063 fdfddb 22 API calls 95062->95063 95064 fc9d00 95063->95064 95064->94815 95065->94812 95066->94830 95067->94830 95068->94807 95069->94844 95070->94844 95071->94844 95072->94841 95073->94844 95074->94844 95075->95005 95076->95001 95077->95007 95078->95009 95164 fca961 95079->95164 95082 fca961 22 API calls 95083 fc527d 95082->95083 95084 fca961 22 API calls 95083->95084 95085 fc5285 95084->95085 95086 fca961 22 API calls 95085->95086 95087 fc528d 95086->95087 95088 1003df5 95087->95088 95089 fc52c1 95087->95089 95191 fca8c7 22 API calls __fread_nolock 95088->95191 95091 fc6d25 22 API calls 95089->95091 95093 fc52cf 95091->95093 95092 1003dfe 95192 fca6c3 95092->95192 95182 fc93b2 95093->95182 95096 fc52d9 95097 fc5304 95096->95097 95098 fc6d25 22 API calls 95096->95098 95099 fc5349 95097->95099 95100 fc5325 95097->95100 95116 1003e20 95097->95116 95102 fc52fa 95098->95102 95169 fc6d25 95099->95169 95100->95099 95186 fc4c6d 95100->95186 95104 fc93b2 22 API calls 95102->95104 95103 fc535a 95106 fc5370 95103->95106 95189 fca8c7 22 API calls __fread_nolock 95103->95189 95104->95097 95109 fc5384 95106->95109 95190 fca8c7 22 API calls __fread_nolock 95106->95190 95110 fc538f 95109->95110 95211 fca8c7 22 API calls __fread_nolock 95109->95211 95120 fc539a 95110->95120 95212 fca8c7 22 API calls __fread_nolock 95110->95212 95113 fc6d25 22 API calls 95113->95099 95198 fc6b57 95116->95198 95117 fc4c6d 22 API calls 95118 1003ee0 95117->95118 95118->95099 95118->95117 95210 fc49bd 22 API calls __fread_nolock 95118->95210 95120->95014 95122 1004a51 95121->95122 95123 fc6362 95121->95123 95231 fc4a88 22 API calls __fread_nolock 95122->95231 95221 fc6373 95123->95221 95126 fc636e 95126->95014 95127 1004a5b 95128 1004a67 95127->95128 95232 fca8c7 22 API calls __fread_nolock 95127->95232 95131 fc63f3 95130->95131 95132 fdfddb 22 API calls 95131->95132 95133 fc6401 95132->95133 95238 fc6a26 22 API calls 95133->95238 95135 fc6409 95161 fc6a50 22 API calls 95135->95161 95137 fc7525 95136->95137 95138 fc7522 95136->95138 95139 fc752d 95137->95139 95140 fc755b 95137->95140 95138->95014 95239 fe51c6 26 API calls 95139->95239 95142 10050f6 95140->95142 95145 fc756d 95140->95145 95150 100500f 95140->95150 95242 fe5183 26 API calls 95142->95242 95143 fc753d 95149 fdfddb 22 API calls 95143->95149 95240 fdfb21 51 API calls 95145->95240 95146 100510e 95146->95146 95151 fc7547 95149->95151 95153 fdfe0b 22 API calls 95150->95153 95158 1005088 95150->95158 95152 fc9cb3 22 API calls 95151->95152 95152->95138 95154 1005058 95153->95154 95155 fdfddb 22 API calls 95154->95155 95156 100507f 95155->95156 95157 fc9cb3 22 API calls 95156->95157 95157->95158 95241 fdfb21 51 API calls 95158->95241 95159->95014 95160->95014 95161->95024 95162->95029 95163->95029 95165 fdfe0b 22 API calls 95164->95165 95166 fca976 95165->95166 95167 fdfddb 22 API calls 95166->95167 95168 fc5275 95167->95168 95168->95082 95170 fc6d34 95169->95170 95171 fc6d91 95169->95171 95170->95171 95173 fc6d3f 95170->95173 95172 fc93b2 22 API calls 95171->95172 95178 fc6d62 __fread_nolock 95172->95178 95174 fc6d5a 95173->95174 95175 1004c9d 95173->95175 95213 fc6f34 22 API calls 95174->95213 95177 fdfddb 22 API calls 95175->95177 95179 1004ca7 95177->95179 95178->95103 95180 fdfe0b 22 API calls 95179->95180 95181 1004cda 95180->95181 95183 fc93c0 95182->95183 95185 fc93c9 __fread_nolock 95182->95185 95183->95185 95214 fcaec9 95183->95214 95185->95096 95187 fcaec9 22 API calls 95186->95187 95188 fc4c78 95187->95188 95188->95099 95188->95113 95189->95106 95190->95109 95191->95092 95193 fca6dd 95192->95193 95197 fca6d0 95192->95197 95194 fdfddb 22 API calls 95193->95194 95195 fca6e7 95194->95195 95196 fdfe0b 22 API calls 95195->95196 95196->95197 95197->95097 95199 1004ba1 95198->95199 95200 fc6b67 _wcslen 95198->95200 95201 fc93b2 22 API calls 95199->95201 95203 fc6b7d 95200->95203 95204 fc6ba2 95200->95204 95202 1004baa 95201->95202 95202->95202 95220 fc6f34 22 API calls 95203->95220 95206 fdfddb 22 API calls 95204->95206 95208 fc6bae 95206->95208 95207 fc6b85 __fread_nolock 95207->95118 95209 fdfe0b 22 API calls 95208->95209 95209->95207 95210->95118 95211->95110 95212->95120 95213->95178 95215 fcaedc 95214->95215 95219 fcaed9 __fread_nolock 95214->95219 95216 fdfddb 22 API calls 95215->95216 95217 fcaee7 95216->95217 95218 fdfe0b 22 API calls 95217->95218 95218->95219 95219->95185 95220->95207 95222 fc63b6 __fread_nolock 95221->95222 95223 fc6382 95221->95223 95222->95126 95223->95222 95224 fc63a9 95223->95224 95225 1004a82 95223->95225 95233 fca587 95224->95233 95227 fdfddb 22 API calls 95225->95227 95228 1004a91 95227->95228 95229 fdfe0b 22 API calls 95228->95229 95230 1004ac5 __fread_nolock 95229->95230 95231->95127 95232->95128 95234 fca598 __fread_nolock 95233->95234 95235 fca59d 95233->95235 95234->95222 95236 fdfe0b 22 API calls 95235->95236 95237 100f80f 95235->95237 95236->95234 95237->95237 95238->95135 95239->95143 95240->95143 95241->95142 95242->95146 95244 fcaceb 23 API calls 95243->95244 95245 1052af3 95244->95245 95246 1052b1d 95245->95246 95247 1052aff 95245->95247 95248 fc6b57 22 API calls 95246->95248 95249 fc7510 53 API calls 95247->95249 95250 1052b1b 95248->95250 95251 1052b0c 95249->95251 95250->95032 95251->95250 95253 fca8c7 22 API calls __fread_nolock 95251->95253 95253->95250 95255 fcb578 95254->95255 95258 fcb57f 95254->95258 95255->95258 95259 fe62d1 39 API calls 95255->95259 95257 fcb5c2 95257->95039 95258->95039 95259->95257 95261 102dc06 95260->95261 95262 102dbdc GetFileAttributesW 95260->95262 95261->95048 95262->95261 95263 102dbe8 FindFirstFileW 95262->95263 95263->95261 95264 102dbf9 FindClose 95263->95264 95264->95261 95266 104b01d ___scrt_fastfail 95265->95266 95267 104b094 95266->95267 95268 104b058 95266->95268 95271 fcb567 39 API calls 95267->95271 95273 104b08b 95267->95273 95269 fcb567 39 API calls 95268->95269 95272 104b063 95269->95272 95270 104b0ed 95274 fc7510 53 API calls 95270->95274 95275 104b0a5 95271->95275 95272->95273 95276 fcb567 39 API calls 95272->95276 95273->95270 95277 fcb567 39 API calls 95273->95277 95278 104b10b 95274->95278 95279 fcb567 39 API calls 95275->95279 95280 104b078 95276->95280 95277->95270 95356 fc7620 95278->95356 95279->95273 95282 fcb567 39 API calls 95280->95282 95282->95273 95283 104b115 95284 104b11f 95283->95284 95285 104b1d8 95283->95285 95287 fc7510 53 API calls 95284->95287 95286 104b20a GetCurrentDirectoryW 95285->95286 95288 fc7510 53 API calls 95285->95288 95289 fdfe0b 22 API calls 95286->95289 95290 104b130 95287->95290 95291 104b1ef 95288->95291 95292 104b22f GetCurrentDirectoryW 95289->95292 95293 fc7620 22 API calls 95290->95293 95294 fc7620 22 API calls 95291->95294 95299 104b23c 95292->95299 95295 104b13a 95293->95295 95297 104b1f9 _wcslen 95294->95297 95296 fc7510 53 API calls 95295->95296 95300 104b14b 95296->95300 95297->95286 95298 104b275 95297->95298 95307 104b287 95298->95307 95308 104b28b 95298->95308 95299->95298 95363 fc9c6e 22 API calls 95299->95363 95302 fc7620 22 API calls 95300->95302 95304 104b155 95302->95304 95303 104b255 95364 fc9c6e 22 API calls 95303->95364 95306 fc7510 53 API calls 95304->95306 95310 104b166 95306->95310 95312 104b2f8 95307->95312 95313 104b39a CreateProcessW 95307->95313 95366 10307c0 10 API calls 95308->95366 95309 104b265 95365 fc9c6e 22 API calls 95309->95365 95315 fc7620 22 API calls 95310->95315 95369 10211c8 39 API calls 95312->95369 95355 104b32f _wcslen 95313->95355 95318 104b170 95315->95318 95316 104b294 95367 10306e6 10 API calls 95316->95367 95321 104b1a6 GetSystemDirectoryW 95318->95321 95327 fc7510 53 API calls 95318->95327 95320 104b2fd 95325 104b323 95320->95325 95326 104b32a 95320->95326 95324 fdfe0b 22 API calls 95321->95324 95322 104b2aa 95368 10305a7 8 API calls 95322->95368 95329 104b1cb GetSystemDirectoryW 95324->95329 95370 1021201 128 API calls 2 library calls 95325->95370 95371 10214ce 6 API calls 95326->95371 95331 104b187 95327->95331 95328 104b2d0 95328->95307 95329->95299 95334 fc7620 22 API calls 95331->95334 95333 104b328 95333->95355 95337 104b191 _wcslen 95334->95337 95335 104b3d6 GetLastError 95347 104b41a 95335->95347 95336 104b42f CloseHandle 95338 104b43f 95336->95338 95348 104b49a 95336->95348 95337->95299 95337->95321 95339 104b446 CloseHandle 95338->95339 95340 104b451 95338->95340 95339->95340 95342 104b463 95340->95342 95343 104b458 CloseHandle 95340->95343 95345 104b475 95342->95345 95346 104b46a CloseHandle 95342->95346 95343->95342 95344 104b4a6 95344->95347 95372 10309d9 34 API calls 95345->95372 95346->95345 95360 1030175 95347->95360 95348->95344 95351 104b4d2 CloseHandle 95348->95351 95351->95347 95353 104b486 95373 104b536 25 API calls 95353->95373 95355->95335 95355->95336 95357 fc762a _wcslen 95356->95357 95358 fdfe0b 22 API calls 95357->95358 95359 fc763f 95358->95359 95359->95283 95374 103030f 95360->95374 95363->95303 95364->95309 95365->95298 95366->95316 95367->95322 95368->95328 95369->95320 95370->95333 95371->95355 95372->95353 95373->95348 95375 1030321 CloseHandle 95374->95375 95376 1030329 95374->95376 95375->95376 95377 1030336 95376->95377 95378 103032e CloseHandle 95376->95378 95379 1030343 95377->95379 95380 103033b CloseHandle 95377->95380 95378->95377 95381 1030350 95379->95381 95382 1030348 CloseHandle 95379->95382 95380->95379 95383 1030355 CloseHandle 95381->95383 95384 103035d 95381->95384 95382->95381 95383->95384 95385 1030362 CloseHandle 95384->95385 95386 103017d 95384->95386 95385->95386 95386->94844 95388 fcae01 95387->95388 95391 fcae1c ISource 95387->95391 95389 fcaec9 22 API calls 95388->95389 95390 fcae09 CharUpperBuffW 95389->95390 95390->95391 95391->94855 95393 fcacae 95392->95393 95394 fcacd1 95393->95394 95420 103359c 82 API calls __wsopen_s 95393->95420 95394->94867 95397 100fadb 95396->95397 95398 fcad92 95396->95398 95399 fdfddb 22 API calls 95398->95399 95400 fcad99 95399->95400 95421 fcadcd 95400->95421 95403->94908 95404->94908 95405->94860 95406->94898 95407->94864 95408->94898 95409->94898 95410->94867 95411->94867 95412->94867 95413->94867 95414->94867 95415->94888 95416->94898 95417->94895 95418->94896 95419->94898 95420->95394 95427 fcaddd 95421->95427 95422 fcadb6 95422->94867 95423 fdfddb 22 API calls 95423->95427 95424 fca961 22 API calls 95424->95427 95425 fcadcd 22 API calls 95425->95427 95427->95422 95427->95423 95427->95424 95427->95425 95428 fca8c7 22 API calls __fread_nolock 95427->95428 95428->95427 95429 1002402 95432 fc1410 95429->95432 95433 fc144f mciSendStringW 95432->95433 95434 10024b8 DestroyWindow 95432->95434 95435 fc146b 95433->95435 95436 fc16c6 95433->95436 95439 10024c4 95434->95439 95437 fc1479 95435->95437 95435->95439 95436->95435 95438 fc16d5 UnregisterHotKey 95436->95438 95465 fc182e 95437->95465 95438->95436 95441 10024e2 FindClose 95439->95441 95442 10024d8 95439->95442 95447 1002509 95439->95447 95441->95439 95442->95439 95471 fc6246 CloseHandle 95442->95471 95445 fc148e 95446 100252d 95445->95446 95451 fc149c 95445->95451 95449 1002541 VirtualFree 95446->95449 95456 fc1509 95446->95456 95447->95446 95448 100251c FreeLibrary 95447->95448 95448->95447 95449->95446 95450 fc14f8 CoUninitialize 95450->95456 95451->95450 95452 fc1514 95454 fc1524 95452->95454 95453 1002589 95458 1002598 ISource 95453->95458 95472 10332eb 6 API calls ISource 95453->95472 95469 fc1944 VirtualFreeEx CloseHandle 95454->95469 95456->95452 95456->95453 95461 1002627 95458->95461 95473 10264d4 22 API calls ISource 95458->95473 95460 fc153a 95460->95458 95462 fc161f 95460->95462 95461->95461 95462->95461 95470 fc1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 95462->95470 95464 fc16c1 95467 fc183b 95465->95467 95466 fc1480 95466->95445 95466->95447 95467->95466 95474 102702a 22 API calls 95467->95474 95469->95460 95470->95464 95471->95442 95472->95453 95473->95458 95474->95467 95475 fcf7bf 95476 fcfcb6 95475->95476 95477 fcf7d3 95475->95477 95478 fcaceb 23 API calls 95476->95478 95479 fcfcc2 95477->95479 95480 fdfddb 22 API calls 95477->95480 95478->95479 95481 fcaceb 23 API calls 95479->95481 95482 fcf7e5 95480->95482 95484 fcfd3d 95481->95484 95482->95479 95483 fcf83e 95482->95483 95482->95484 95486 fd1310 349 API calls 95483->95486 95501 fced9d ISource 95483->95501 95512 1031155 22 API calls 95484->95512 95508 fcec76 ISource 95486->95508 95488 fdfddb 22 API calls 95488->95508 95489 1014beb 95518 103359c 82 API calls __wsopen_s 95489->95518 95490 fcfef7 95490->95501 95514 fca8c7 22 API calls __fread_nolock 95490->95514 95492 1014b0b 95516 103359c 82 API calls __wsopen_s 95492->95516 95493 fca8c7 22 API calls 95493->95508 95494 1014600 95494->95501 95513 fca8c7 22 API calls __fread_nolock 95494->95513 95498 fe0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95498->95508 95502 fcfbe3 95502->95501 95504 1014bdc 95502->95504 95509 fcf3ae ISource 95502->95509 95503 fca961 22 API calls 95503->95508 95517 103359c 82 API calls __wsopen_s 95504->95517 95506 fe00a3 29 API calls pre_c_initialization 95506->95508 95507 fe01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95507->95508 95508->95488 95508->95489 95508->95490 95508->95492 95508->95493 95508->95494 95508->95498 95508->95501 95508->95502 95508->95503 95508->95506 95508->95507 95508->95509 95510 fd01e0 349 API calls 2 library calls 95508->95510 95511 fd06a0 41 API calls ISource 95508->95511 95509->95501 95515 103359c 82 API calls __wsopen_s 95509->95515 95510->95508 95511->95508 95512->95501 95513->95501 95514->95501 95515->95501 95516->95501 95517->95489 95518->95501 95519 fc1098 95524 fc42de 95519->95524 95523 fc10a7 95525 fca961 22 API calls 95524->95525 95526 fc42f5 GetVersionExW 95525->95526 95527 fc6b57 22 API calls 95526->95527 95528 fc4342 95527->95528 95529 fc93b2 22 API calls 95528->95529 95541 fc4378 95528->95541 95530 fc436c 95529->95530 95545 fc37a0 95530->95545 95531 fc441b GetCurrentProcess IsWow64Process 95533 fc4437 95531->95533 95534 fc444f LoadLibraryA 95533->95534 95535 1003824 GetSystemInfo 95533->95535 95536 fc449c GetSystemInfo 95534->95536 95537 fc4460 GetProcAddress 95534->95537 95540 fc4476 95536->95540 95537->95536 95539 fc4470 GetNativeSystemInfo 95537->95539 95538 10037df 95539->95540 95542 fc447a FreeLibrary 95540->95542 95543 fc109d 95540->95543 95541->95531 95541->95538 95542->95543 95544 fe00a3 29 API calls __onexit 95543->95544 95544->95523 95546 fc37ae 95545->95546 95547 fc93b2 22 API calls 95546->95547 95548 fc37c2 95547->95548 95548->95541 95549 1002ba5 95550 fc2b25 95549->95550 95551 1002baf 95549->95551 95577 fc2b83 7 API calls 95550->95577 95595 fc3a5a 95551->95595 95555 1002bb8 95557 fc9cb3 22 API calls 95555->95557 95559 1002bc6 95557->95559 95558 fc2b2f 95568 fc2b44 95558->95568 95581 fc3837 95558->95581 95560 1002bf5 95559->95560 95561 1002bce 95559->95561 95562 fc33c6 22 API calls 95560->95562 95602 fc33c6 95561->95602 95576 1002bf1 GetForegroundWindow ShellExecuteW 95562->95576 95567 fc2b5f 95574 fc2b66 SetCurrentDirectoryW 95567->95574 95568->95567 95591 fc30f2 95568->95591 95569 fc6350 22 API calls 95572 1002be7 95569->95572 95570 1002c26 95570->95567 95573 fc33c6 22 API calls 95572->95573 95573->95576 95575 fc2b7a 95574->95575 95576->95570 95611 fc2cd4 7 API calls 95577->95611 95579 fc2b2a 95580 fc2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95579->95580 95580->95558 95582 fc3862 ___scrt_fastfail 95581->95582 95612 fc4212 95582->95612 95586 1003386 Shell_NotifyIconW 95587 fc3906 Shell_NotifyIconW 95616 fc3923 95587->95616 95588 fc38e8 95588->95586 95588->95587 95590 fc391c 95590->95568 95592 fc3154 95591->95592 95593 fc3104 ___scrt_fastfail 95591->95593 95592->95567 95594 fc3123 Shell_NotifyIconW 95593->95594 95594->95592 95645 1001f50 95595->95645 95598 fc9cb3 22 API calls 95599 fc3a8d 95598->95599 95647 fc3aa2 95599->95647 95601 fc3a97 95601->95555 95603 fc33dd 95602->95603 95604 10030bb 95602->95604 95657 fc33ee 95603->95657 95606 fdfddb 22 API calls 95604->95606 95608 10030c5 _wcslen 95606->95608 95607 fc33e8 95607->95569 95609 fdfe0b 22 API calls 95608->95609 95610 10030fe __fread_nolock 95609->95610 95611->95579 95613 10035a4 95612->95613 95614 fc38b7 95612->95614 95613->95614 95615 10035ad DestroyIcon 95613->95615 95614->95588 95638 102c874 42 API calls _strftime 95614->95638 95615->95614 95617 fc393f 95616->95617 95618 fc3a13 95616->95618 95639 fc6270 95617->95639 95618->95590 95621 1003393 LoadStringW 95624 10033ad 95621->95624 95622 fc395a 95623 fc6b57 22 API calls 95622->95623 95625 fc396f 95623->95625 95633 fc3994 ___scrt_fastfail 95624->95633 95644 fca8c7 22 API calls __fread_nolock 95624->95644 95626 fc397c 95625->95626 95627 10033c9 95625->95627 95626->95624 95629 fc3986 95626->95629 95630 fc6350 22 API calls 95627->95630 95631 fc6350 22 API calls 95629->95631 95632 10033d7 95630->95632 95631->95633 95632->95633 95634 fc33c6 22 API calls 95632->95634 95635 fc39f9 Shell_NotifyIconW 95633->95635 95636 10033f9 95634->95636 95635->95618 95637 fc33c6 22 API calls 95636->95637 95637->95633 95638->95588 95640 fdfe0b 22 API calls 95639->95640 95641 fc6295 95640->95641 95642 fdfddb 22 API calls 95641->95642 95643 fc394d 95642->95643 95643->95621 95643->95622 95644->95633 95646 fc3a67 GetModuleFileNameW 95645->95646 95646->95598 95648 1001f50 __wsopen_s 95647->95648 95649 fc3aaf GetFullPathNameW 95648->95649 95650 fc3ace 95649->95650 95651 fc3ae9 95649->95651 95652 fc6b57 22 API calls 95650->95652 95653 fca6c3 22 API calls 95651->95653 95654 fc3ada 95652->95654 95653->95654 95655 fc37a0 22 API calls 95654->95655 95656 fc3ae6 95655->95656 95656->95601 95658 fc33fe _wcslen 95657->95658 95659 100311d 95658->95659 95660 fc3411 95658->95660 95662 fdfddb 22 API calls 95659->95662 95661 fca587 22 API calls 95660->95661 95664 fc341e __fread_nolock 95661->95664 95663 1003127 95662->95663 95665 fdfe0b 22 API calls 95663->95665 95664->95607 95666 1003157 __fread_nolock 95665->95666 95667 fe03fb 95668 fe0407 ___BuildCatchObject 95667->95668 95696 fdfeb1 95668->95696 95670 fe040e 95671 fe0561 95670->95671 95674 fe0438 95670->95674 95726 fe083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95671->95726 95673 fe0568 95719 fe4e52 95673->95719 95685 fe0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95674->95685 95707 ff247d 95674->95707 95681 fe0457 95683 fe04d8 95715 fe0959 95683->95715 95685->95683 95722 fe4e1a 38 API calls 2 library calls 95685->95722 95687 fe04de 95688 fe04f3 95687->95688 95723 fe0992 GetModuleHandleW 95688->95723 95690 fe04fa 95690->95673 95691 fe04fe 95690->95691 95692 fe0507 95691->95692 95724 fe4df5 28 API calls _abort 95691->95724 95725 fe0040 13 API calls 2 library calls 95692->95725 95695 fe050f 95695->95681 95697 fdfeba 95696->95697 95728 fe0698 IsProcessorFeaturePresent 95697->95728 95699 fdfec6 95729 fe2c94 10 API calls 3 library calls 95699->95729 95701 fdfecb 95706 fdfecf 95701->95706 95730 ff2317 95701->95730 95704 fdfee6 95704->95670 95706->95670 95709 ff2494 95707->95709 95708 fe0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95710 fe0451 95708->95710 95709->95708 95710->95681 95711 ff2421 95710->95711 95712 ff2450 95711->95712 95713 fe0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95712->95713 95714 ff2479 95713->95714 95714->95685 95805 fe2340 95715->95805 95718 fe097f 95718->95687 95807 fe4bcf 95719->95807 95722->95683 95723->95690 95724->95692 95725->95695 95726->95673 95728->95699 95729->95701 95734 ffd1f6 95730->95734 95733 fe2cbd 8 API calls 3 library calls 95733->95706 95737 ffd213 95734->95737 95738 ffd20f 95734->95738 95736 fdfed8 95736->95704 95736->95733 95737->95738 95740 ff4bfb 95737->95740 95752 fe0a8c 95738->95752 95741 ff4c07 ___BuildCatchObject 95740->95741 95759 ff2f5e EnterCriticalSection 95741->95759 95743 ff4c0e 95760 ff50af 95743->95760 95745 ff4c1d 95751 ff4c2c 95745->95751 95773 ff4a8f 29 API calls 95745->95773 95748 ff4c3d __wsopen_s 95748->95737 95749 ff4c27 95774 ff4b45 GetStdHandle GetFileType 95749->95774 95775 ff4c48 LeaveCriticalSection _abort 95751->95775 95753 fe0a97 IsProcessorFeaturePresent 95752->95753 95754 fe0a95 95752->95754 95756 fe0c5d 95753->95756 95754->95736 95804 fe0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95756->95804 95758 fe0d40 95758->95736 95759->95743 95761 ff50bb ___BuildCatchObject 95760->95761 95762 ff50df 95761->95762 95763 ff50c8 95761->95763 95776 ff2f5e EnterCriticalSection 95762->95776 95784 fef2d9 20 API calls __dosmaperr 95763->95784 95766 ff50cd 95785 ff27ec 26 API calls __wsopen_s 95766->95785 95767 ff50eb 95772 ff5117 95767->95772 95777 ff5000 95767->95777 95770 ff50d7 __wsopen_s 95770->95745 95786 ff513e LeaveCriticalSection _abort 95772->95786 95773->95749 95774->95751 95775->95748 95776->95767 95787 ff4c7d 95777->95787 95780 ff5012 95783 ff501f 95780->95783 95794 ff3405 11 API calls 2 library calls 95780->95794 95781 ff5071 95781->95767 95795 ff29c8 95783->95795 95784->95766 95785->95770 95786->95770 95793 ff4c8a __dosmaperr 95787->95793 95788 ff4cca 95802 fef2d9 20 API calls __dosmaperr 95788->95802 95789 ff4cb5 RtlAllocateHeap 95791 ff4cc8 95789->95791 95789->95793 95791->95780 95793->95788 95793->95789 95801 fe4ead 7 API calls 2 library calls 95793->95801 95794->95780 95796 ff29d3 RtlFreeHeap 95795->95796 95797 ff29fc __dosmaperr 95795->95797 95796->95797 95798 ff29e8 95796->95798 95797->95781 95803 fef2d9 20 API calls __dosmaperr 95798->95803 95800 ff29ee GetLastError 95800->95797 95801->95793 95802->95791 95803->95800 95804->95758 95806 fe096c GetStartupInfoW 95805->95806 95806->95718 95808 fe4bdb _abort 95807->95808 95809 fe4bf4 95808->95809 95810 fe4be2 95808->95810 95831 ff2f5e EnterCriticalSection 95809->95831 95846 fe4d29 GetModuleHandleW 95810->95846 95813 fe4be7 95813->95809 95847 fe4d6d GetModuleHandleExW 95813->95847 95814 fe4c99 95835 fe4cd9 95814->95835 95818 fe4c70 95822 fe4c88 95818->95822 95827 ff2421 _abort 5 API calls 95818->95827 95820 fe4cb6 95838 fe4ce8 95820->95838 95821 fe4ce2 95855 1001d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 95821->95855 95828 ff2421 _abort 5 API calls 95822->95828 95823 fe4bfb 95823->95814 95823->95818 95832 ff21a8 95823->95832 95827->95822 95828->95814 95831->95823 95856 ff1ee1 95832->95856 95875 ff2fa6 LeaveCriticalSection 95835->95875 95837 fe4cb2 95837->95820 95837->95821 95876 ff360c 95838->95876 95841 fe4d16 95844 fe4d6d _abort 8 API calls 95841->95844 95842 fe4cf6 GetPEB 95842->95841 95843 fe4d06 GetCurrentProcess TerminateProcess 95842->95843 95843->95841 95845 fe4d1e ExitProcess 95844->95845 95846->95813 95848 fe4dba 95847->95848 95849 fe4d97 GetProcAddress 95847->95849 95851 fe4dc9 95848->95851 95852 fe4dc0 FreeLibrary 95848->95852 95850 fe4dac 95849->95850 95850->95848 95853 fe0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95851->95853 95852->95851 95854 fe4bf3 95853->95854 95854->95809 95859 ff1e90 95856->95859 95858 ff1f05 95858->95818 95860 ff1e9c ___BuildCatchObject 95859->95860 95867 ff2f5e EnterCriticalSection 95860->95867 95862 ff1eaa 95868 ff1f31 95862->95868 95866 ff1ec8 __wsopen_s 95866->95858 95867->95862 95871 ff1f51 95868->95871 95872 ff1f59 95868->95872 95869 fe0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95870 ff1eb7 95869->95870 95874 ff1ed5 LeaveCriticalSection _abort 95870->95874 95871->95869 95872->95871 95873 ff29c8 _free 20 API calls 95872->95873 95873->95871 95874->95866 95875->95837 95877 ff3627 95876->95877 95878 ff3631 95876->95878 95880 fe0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 95877->95880 95883 ff2fd7 5 API calls 2 library calls 95878->95883 95881 fe4cf2 95880->95881 95881->95841 95881->95842 95882 ff3648 95882->95877 95883->95882 95884 fc105b 95889 fc344d 95884->95889 95886 fc106a 95920 fe00a3 29 API calls __onexit 95886->95920 95888 fc1074 95890 fc345d __wsopen_s 95889->95890 95891 fca961 22 API calls 95890->95891 95892 fc3513 95891->95892 95893 fc3a5a 24 API calls 95892->95893 95894 fc351c 95893->95894 95921 fc3357 95894->95921 95897 fc33c6 22 API calls 95898 fc3535 95897->95898 95927 fc515f 95898->95927 95901 fca961 22 API calls 95902 fc354d 95901->95902 95903 fca6c3 22 API calls 95902->95903 95904 fc3556 RegOpenKeyExW 95903->95904 95905 fc3578 95904->95905 95906 1003176 RegQueryValueExW 95904->95906 95905->95886 95907 1003193 95906->95907 95908 100320c RegCloseKey 95906->95908 95909 fdfe0b 22 API calls 95907->95909 95908->95905 95919 100321e _wcslen 95908->95919 95910 10031ac 95909->95910 95933 fc5722 95910->95933 95913 10031d4 95914 fc6b57 22 API calls 95913->95914 95916 10031ee ISource 95914->95916 95915 fc4c6d 22 API calls 95915->95919 95916->95908 95917 fc9cb3 22 API calls 95917->95919 95918 fc515f 22 API calls 95918->95919 95919->95905 95919->95915 95919->95917 95919->95918 95920->95888 95922 1001f50 __wsopen_s 95921->95922 95923 fc3364 GetFullPathNameW 95922->95923 95924 fc3386 95923->95924 95925 fc6b57 22 API calls 95924->95925 95926 fc33a4 95925->95926 95926->95897 95928 fc516e 95927->95928 95929 fc518f __fread_nolock 95927->95929 95931 fdfe0b 22 API calls 95928->95931 95930 fdfddb 22 API calls 95929->95930 95932 fc3544 95930->95932 95931->95929 95932->95901 95934 fdfddb 22 API calls 95933->95934 95935 fc5734 RegQueryValueExW 95934->95935 95935->95913 95935->95916 95936 fc3156 95939 fc3170 95936->95939 95940 fc3187 95939->95940 95941 fc318c 95940->95941 95942 fc31eb 95940->95942 95983 fc31e9 95940->95983 95946 fc3199 95941->95946 95947 fc3265 PostQuitMessage 95941->95947 95944 1002dfb 95942->95944 95945 fc31f1 95942->95945 95943 fc31d0 DefWindowProcW 95980 fc316a 95943->95980 95994 fc18e2 10 API calls 95944->95994 95948 fc321d SetTimer RegisterWindowMessageW 95945->95948 95949 fc31f8 95945->95949 95951 fc31a4 95946->95951 95952 1002e7c 95946->95952 95947->95980 95956 fc3246 CreatePopupMenu 95948->95956 95948->95980 95953 1002d9c 95949->95953 95954 fc3201 KillTimer 95949->95954 95957 fc31ae 95951->95957 95958 1002e68 95951->95958 95997 102bf30 34 API calls ___scrt_fastfail 95952->95997 95960 1002da1 95953->95960 95961 1002dd7 MoveWindow 95953->95961 95962 fc30f2 Shell_NotifyIconW 95954->95962 95955 1002e1c 95995 fde499 42 API calls 95955->95995 95956->95980 95965 fc31b9 95957->95965 95966 1002e4d 95957->95966 95984 102c161 95958->95984 95968 1002dc6 SetFocus 95960->95968 95969 1002da7 95960->95969 95961->95980 95970 fc3214 95962->95970 95971 fc31c4 95965->95971 95972 fc3253 95965->95972 95966->95943 95996 1020ad7 22 API calls 95966->95996 95967 1002e8e 95967->95943 95967->95980 95968->95980 95969->95971 95973 1002db0 95969->95973 95991 fc3c50 DeleteObject DestroyWindow 95970->95991 95971->95943 95979 fc30f2 Shell_NotifyIconW 95971->95979 95992 fc326f 44 API calls ___scrt_fastfail 95972->95992 95993 fc18e2 10 API calls 95973->95993 95978 fc3263 95978->95980 95981 1002e41 95979->95981 95982 fc3837 49 API calls 95981->95982 95982->95983 95983->95943 95985 102c276 95984->95985 95986 102c179 ___scrt_fastfail 95984->95986 95985->95980 95987 fc3923 24 API calls 95986->95987 95989 102c1a0 95987->95989 95988 102c25f KillTimer SetTimer 95988->95985 95989->95988 95990 102c251 Shell_NotifyIconW 95989->95990 95990->95988 95991->95980 95992->95978 95993->95980 95994->95955 95995->95971 95996->95983 95997->95967 95998 fc2e37 95999 fca961 22 API calls 95998->95999 96000 fc2e4d 95999->96000 96077 fc4ae3 96000->96077 96002 fc2e6b 96003 fc3a5a 24 API calls 96002->96003 96004 fc2e7f 96003->96004 96005 fc9cb3 22 API calls 96004->96005 96006 fc2e8c 96005->96006 96091 fc4ecb 96006->96091 96009 1002cb0 96130 1032cf9 96009->96130 96010 fc2ead 96113 fca8c7 22 API calls __fread_nolock 96010->96113 96012 1002cc3 96013 1002ccf 96012->96013 96156 fc4f39 96012->96156 96018 fc4f39 68 API calls 96013->96018 96016 fc2ec3 96114 fc6f88 22 API calls 96016->96114 96021 1002ce5 96018->96021 96019 fc2ecf 96020 fc9cb3 22 API calls 96019->96020 96022 fc2edc 96020->96022 96162 fc3084 22 API calls 96021->96162 96115 fca81b 41 API calls 96022->96115 96024 fc2eec 96027 fc9cb3 22 API calls 96024->96027 96026 1002d02 96163 fc3084 22 API calls 96026->96163 96029 fc2f12 96027->96029 96116 fca81b 41 API calls 96029->96116 96030 1002d1e 96032 fc3a5a 24 API calls 96030->96032 96033 1002d44 96032->96033 96164 fc3084 22 API calls 96033->96164 96034 fc2f21 96037 fca961 22 API calls 96034->96037 96036 1002d50 96165 fca8c7 22 API calls __fread_nolock 96036->96165 96039 fc2f3f 96037->96039 96117 fc3084 22 API calls 96039->96117 96041 1002d5e 96166 fc3084 22 API calls 96041->96166 96042 fc2f4b 96118 fe4a28 40 API calls 3 library calls 96042->96118 96045 1002d6d 96167 fca8c7 22 API calls __fread_nolock 96045->96167 96046 fc2f59 96046->96021 96047 fc2f63 96046->96047 96119 fe4a28 40 API calls 3 library calls 96047->96119 96050 1002d83 96168 fc3084 22 API calls 96050->96168 96051 fc2f6e 96051->96026 96053 fc2f78 96051->96053 96120 fe4a28 40 API calls 3 library calls 96053->96120 96054 1002d90 96056 fc2f83 96056->96030 96057 fc2f8d 96056->96057 96121 fe4a28 40 API calls 3 library calls 96057->96121 96059 fc2f98 96060 fc2fdc 96059->96060 96122 fc3084 22 API calls 96059->96122 96060->96045 96061 fc2fe8 96060->96061 96061->96054 96064 fc63eb 22 API calls 96061->96064 96063 fc2fbf 96123 fca8c7 22 API calls __fread_nolock 96063->96123 96066 fc2ff8 96064->96066 96125 fc6a50 22 API calls 96066->96125 96067 fc2fcd 96124 fc3084 22 API calls 96067->96124 96070 fc3006 96126 fc70b0 23 API calls 96070->96126 96074 fc3021 96075 fc3065 96074->96075 96127 fc6f88 22 API calls 96074->96127 96128 fc70b0 23 API calls 96074->96128 96129 fc3084 22 API calls 96074->96129 96078 fc4af0 __wsopen_s 96077->96078 96079 fc6b57 22 API calls 96078->96079 96080 fc4b22 96078->96080 96079->96080 96081 fc4c6d 22 API calls 96080->96081 96090 fc4b58 96080->96090 96081->96080 96082 fc4c6d 22 API calls 96082->96090 96083 fc9cb3 22 API calls 96085 fc4c52 96083->96085 96084 fc9cb3 22 API calls 96084->96090 96086 fc515f 22 API calls 96085->96086 96088 fc4c5e 96086->96088 96087 fc515f 22 API calls 96087->96090 96088->96002 96089 fc4c29 96089->96083 96089->96088 96090->96082 96090->96084 96090->96087 96090->96089 96169 fc4e90 LoadLibraryA 96091->96169 96096 fc4ef6 LoadLibraryExW 96177 fc4e59 LoadLibraryA 96096->96177 96097 1003ccf 96099 fc4f39 68 API calls 96097->96099 96101 1003cd6 96099->96101 96103 fc4e59 3 API calls 96101->96103 96105 1003cde 96103->96105 96104 fc4f20 96104->96105 96106 fc4f2c 96104->96106 96199 fc50f5 40 API calls __fread_nolock 96105->96199 96107 fc4f39 68 API calls 96106->96107 96109 fc2ea5 96107->96109 96109->96009 96109->96010 96110 1003cf5 96200 10328fe 27 API calls 96110->96200 96112 1003d05 96113->96016 96114->96019 96115->96024 96116->96034 96117->96042 96118->96046 96119->96051 96120->96056 96121->96059 96122->96063 96123->96067 96124->96060 96125->96070 96126->96074 96127->96074 96128->96074 96129->96074 96131 1032d15 96130->96131 96264 fc511f 64 API calls 96131->96264 96133 1032d29 96265 1032e66 75 API calls 96133->96265 96135 1032d3b 96153 1032d3f 96135->96153 96266 fc50f5 40 API calls __fread_nolock 96135->96266 96137 1032d56 96267 fc50f5 40 API calls __fread_nolock 96137->96267 96139 1032d66 96268 fc50f5 40 API calls __fread_nolock 96139->96268 96141 1032d81 96269 fc50f5 40 API calls __fread_nolock 96141->96269 96143 1032d9c 96270 fc511f 64 API calls 96143->96270 96145 1032db3 96146 feea0c ___std_exception_copy 21 API calls 96145->96146 96147 1032dba 96146->96147 96148 feea0c ___std_exception_copy 21 API calls 96147->96148 96149 1032dc4 96148->96149 96271 fc50f5 40 API calls __fread_nolock 96149->96271 96151 1032dd8 96272 10328fe 27 API calls 96151->96272 96153->96012 96154 1032dee 96154->96153 96273 10322ce 96154->96273 96157 fc4f4a 96156->96157 96158 fc4f43 96156->96158 96160 fc4f59 96157->96160 96161 fc4f6a FreeLibrary 96157->96161 96159 fee678 67 API calls 96158->96159 96159->96157 96160->96013 96161->96160 96162->96026 96163->96030 96164->96036 96165->96041 96166->96045 96167->96050 96168->96054 96170 fc4ea8 GetProcAddress 96169->96170 96171 fc4ec6 96169->96171 96172 fc4eb8 96170->96172 96174 fee5eb 96171->96174 96172->96171 96173 fc4ebf FreeLibrary 96172->96173 96173->96171 96201 fee52a 96174->96201 96176 fc4eea 96176->96096 96176->96097 96178 fc4e8d 96177->96178 96179 fc4e6e GetProcAddress 96177->96179 96182 fc4f80 96178->96182 96180 fc4e7e 96179->96180 96180->96178 96181 fc4e86 FreeLibrary 96180->96181 96181->96178 96183 fdfe0b 22 API calls 96182->96183 96184 fc4f95 96183->96184 96185 fc5722 22 API calls 96184->96185 96186 fc4fa1 __fread_nolock 96185->96186 96187 fc50a5 96186->96187 96188 1003d1d 96186->96188 96198 fc4fdc 96186->96198 96253 fc42a2 CreateStreamOnHGlobal 96187->96253 96261 103304d 74 API calls 96188->96261 96191 1003d22 96262 fc511f 64 API calls 96191->96262 96194 1003d45 96263 fc50f5 40 API calls __fread_nolock 96194->96263 96197 fc506e ISource 96197->96104 96198->96191 96198->96197 96259 fc50f5 40 API calls __fread_nolock 96198->96259 96260 fc511f 64 API calls 96198->96260 96199->96110 96200->96112 96204 fee536 ___BuildCatchObject 96201->96204 96202 fee544 96226 fef2d9 20 API calls __dosmaperr 96202->96226 96204->96202 96206 fee574 96204->96206 96205 fee549 96227 ff27ec 26 API calls __wsopen_s 96205->96227 96208 fee579 96206->96208 96209 fee586 96206->96209 96228 fef2d9 20 API calls __dosmaperr 96208->96228 96218 ff8061 96209->96218 96212 fee58f 96213 fee595 96212->96213 96214 fee5a2 96212->96214 96229 fef2d9 20 API calls __dosmaperr 96213->96229 96230 fee5d4 LeaveCriticalSection __fread_nolock 96214->96230 96216 fee554 __wsopen_s 96216->96176 96219 ff806d ___BuildCatchObject 96218->96219 96231 ff2f5e EnterCriticalSection 96219->96231 96221 ff807b 96232 ff80fb 96221->96232 96225 ff80ac __wsopen_s 96225->96212 96226->96205 96227->96216 96228->96216 96229->96216 96230->96216 96231->96221 96241 ff811e 96232->96241 96233 ff8088 96245 ff80b7 96233->96245 96234 ff8177 96235 ff4c7d __dosmaperr 20 API calls 96234->96235 96236 ff8180 96235->96236 96238 ff29c8 _free 20 API calls 96236->96238 96239 ff8189 96238->96239 96239->96233 96250 ff3405 11 API calls 2 library calls 96239->96250 96241->96233 96241->96234 96248 fe918d EnterCriticalSection 96241->96248 96249 fe91a1 LeaveCriticalSection 96241->96249 96242 ff81a8 96251 fe918d EnterCriticalSection 96242->96251 96252 ff2fa6 LeaveCriticalSection 96245->96252 96247 ff80be 96247->96225 96248->96241 96249->96241 96250->96242 96251->96233 96252->96247 96254 fc42bc FindResourceExW 96253->96254 96258 fc42d9 96253->96258 96255 10035ba LoadResource 96254->96255 96254->96258 96256 10035cf SizeofResource 96255->96256 96255->96258 96257 10035e3 LockResource 96256->96257 96256->96258 96257->96258 96258->96198 96259->96198 96260->96198 96261->96191 96262->96194 96263->96197 96264->96133 96265->96135 96266->96137 96267->96139 96268->96141 96269->96143 96270->96145 96271->96151 96272->96154 96274 10322d9 96273->96274 96275 10322e7 96273->96275 96276 fee5eb 29 API calls 96274->96276 96277 103232c 96275->96277 96278 fee5eb 29 API calls 96275->96278 96288 10322f0 96275->96288 96276->96275 96302 1032557 40 API calls __fread_nolock 96277->96302 96279 1032311 96278->96279 96279->96277 96282 103231a 96279->96282 96281 1032370 96283 1032395 96281->96283 96284 1032374 96281->96284 96282->96288 96310 fee678 96282->96310 96303 1032171 96283->96303 96287 1032381 96284->96287 96290 fee678 67 API calls 96284->96290 96287->96288 96291 fee678 67 API calls 96287->96291 96288->96153 96289 103239d 96292 10323c3 96289->96292 96293 10323a3 96289->96293 96290->96287 96291->96288 96323 10323f3 74 API calls 96292->96323 96295 10323b0 96293->96295 96296 fee678 67 API calls 96293->96296 96295->96288 96297 fee678 67 API calls 96295->96297 96296->96295 96297->96288 96298 10323ca 96299 10323de 96298->96299 96300 fee678 67 API calls 96298->96300 96299->96288 96301 fee678 67 API calls 96299->96301 96300->96299 96301->96288 96302->96281 96304 feea0c ___std_exception_copy 21 API calls 96303->96304 96305 103217f 96304->96305 96306 feea0c ___std_exception_copy 21 API calls 96305->96306 96307 1032190 96306->96307 96308 feea0c ___std_exception_copy 21 API calls 96307->96308 96309 103219c 96308->96309 96309->96289 96311 fee684 ___BuildCatchObject 96310->96311 96312 fee6aa 96311->96312 96313 fee695 96311->96313 96321 fee6a5 __wsopen_s 96312->96321 96324 fe918d EnterCriticalSection 96312->96324 96341 fef2d9 20 API calls __dosmaperr 96313->96341 96315 fee69a 96342 ff27ec 26 API calls __wsopen_s 96315->96342 96318 fee6c6 96325 fee602 96318->96325 96320 fee6d1 96343 fee6ee LeaveCriticalSection __fread_nolock 96320->96343 96321->96288 96323->96298 96324->96318 96326 fee60f 96325->96326 96327 fee624 96325->96327 96376 fef2d9 20 API calls __dosmaperr 96326->96376 96333 fee61f 96327->96333 96344 fedc0b 96327->96344 96329 fee614 96377 ff27ec 26 API calls __wsopen_s 96329->96377 96333->96320 96337 fee646 96361 ff862f 96337->96361 96340 ff29c8 _free 20 API calls 96340->96333 96341->96315 96342->96321 96343->96321 96345 fedc1f 96344->96345 96346 fedc23 96344->96346 96350 ff4d7a 96345->96350 96346->96345 96347 fed955 __fread_nolock 26 API calls 96346->96347 96348 fedc43 96347->96348 96378 ff59be 62 API calls 3 library calls 96348->96378 96351 fee640 96350->96351 96352 ff4d90 96350->96352 96354 fed955 96351->96354 96352->96351 96353 ff29c8 _free 20 API calls 96352->96353 96353->96351 96355 fed976 96354->96355 96356 fed961 96354->96356 96355->96337 96379 fef2d9 20 API calls __dosmaperr 96356->96379 96358 fed966 96380 ff27ec 26 API calls __wsopen_s 96358->96380 96360 fed971 96360->96337 96362 ff863e 96361->96362 96363 ff8653 96361->96363 96384 fef2c6 20 API calls __dosmaperr 96362->96384 96365 ff868e 96363->96365 96370 ff867a 96363->96370 96386 fef2c6 20 API calls __dosmaperr 96365->96386 96366 ff8643 96385 fef2d9 20 API calls __dosmaperr 96366->96385 96368 ff8693 96387 fef2d9 20 API calls __dosmaperr 96368->96387 96381 ff8607 96370->96381 96373 ff869b 96388 ff27ec 26 API calls __wsopen_s 96373->96388 96374 fee64c 96374->96333 96374->96340 96376->96329 96377->96333 96378->96345 96379->96358 96380->96360 96389 ff8585 96381->96389 96383 ff862b 96383->96374 96384->96366 96385->96374 96386->96368 96387->96373 96388->96374 96390 ff8591 ___BuildCatchObject 96389->96390 96400 ff5147 EnterCriticalSection 96390->96400 96392 ff859f 96393 ff85c6 96392->96393 96394 ff85d1 96392->96394 96401 ff86ae 96393->96401 96416 fef2d9 20 API calls __dosmaperr 96394->96416 96397 ff85cc 96417 ff85fb LeaveCriticalSection __wsopen_s 96397->96417 96399 ff85ee __wsopen_s 96399->96383 96400->96392 96418 ff53c4 96401->96418 96403 ff86c4 96431 ff5333 21 API calls 2 library calls 96403->96431 96405 ff86be 96405->96403 96406 ff86f6 96405->96406 96407 ff53c4 __wsopen_s 26 API calls 96405->96407 96406->96403 96408 ff53c4 __wsopen_s 26 API calls 96406->96408 96410 ff86ed 96407->96410 96411 ff8702 CloseHandle 96408->96411 96409 ff871c 96415 ff873e 96409->96415 96432 fef2a3 20 API calls __dosmaperr 96409->96432 96412 ff53c4 __wsopen_s 26 API calls 96410->96412 96411->96403 96413 ff870e GetLastError 96411->96413 96412->96406 96413->96403 96415->96397 96416->96397 96417->96399 96419 ff53e6 96418->96419 96420 ff53d1 96418->96420 96425 ff540b 96419->96425 96435 fef2c6 20 API calls __dosmaperr 96419->96435 96433 fef2c6 20 API calls __dosmaperr 96420->96433 96422 ff53d6 96434 fef2d9 20 API calls __dosmaperr 96422->96434 96425->96405 96426 ff5416 96436 fef2d9 20 API calls __dosmaperr 96426->96436 96427 ff53de 96427->96405 96429 ff541e 96437 ff27ec 26 API calls __wsopen_s 96429->96437 96431->96409 96432->96415 96433->96422 96434->96427 96435->96426 96436->96429 96437->96427 96438 fc1033 96443 fc4c91 96438->96443 96442 fc1042 96444 fca961 22 API calls 96443->96444 96445 fc4cff 96444->96445 96451 fc3af0 96445->96451 96448 fc4d9c 96449 fc1038 96448->96449 96454 fc51f7 22 API calls __fread_nolock 96448->96454 96450 fe00a3 29 API calls __onexit 96449->96450 96450->96442 96455 fc3b1c 96451->96455 96454->96448 96456 fc3b0f 96455->96456 96457 fc3b29 96455->96457 96456->96448 96457->96456 96458 fc3b30 RegOpenKeyExW 96457->96458 96458->96456 96459 fc3b4a RegQueryValueExW 96458->96459 96460 fc3b6b 96459->96460 96461 fc3b80 RegCloseKey 96459->96461 96460->96461 96461->96456 96462 1052a55 96470 1031ebc 96462->96470 96465 1052a70 96472 10239c0 22 API calls 96465->96472 96467 1052a7c 96473 102417d 22 API calls __fread_nolock 96467->96473 96469 1052a87 96471 1031ec3 IsWindow 96470->96471 96471->96465 96471->96469 96472->96467 96473->96469 96474 fc1cad SystemParametersInfoW 96475 1013f75 96486 fdceb1 96475->96486 96477 1013f8b 96478 1014006 96477->96478 96495 fde300 23 API calls 96477->96495 96481 fcbf40 349 API calls 96478->96481 96480 1013fe6 96483 1014052 96480->96483 96496 1031abf 22 API calls 96480->96496 96481->96483 96484 1014a88 96483->96484 96497 103359c 82 API calls __wsopen_s 96483->96497 96487 fdcebf 96486->96487 96488 fdced2 96486->96488 96489 fcaceb 23 API calls 96487->96489 96490 fdcf05 96488->96490 96491 fdced7 96488->96491 96494 fdcec9 96489->96494 96492 fcaceb 23 API calls 96490->96492 96493 fdfddb 22 API calls 96491->96493 96492->96494 96493->96494 96494->96477 96495->96480 96496->96478 96497->96484 96498 fc1044 96503 fc10f3 96498->96503 96500 fc104a 96539 fe00a3 29 API calls __onexit 96500->96539 96502 fc1054 96540 fc1398 96503->96540 96507 fc116a 96508 fca961 22 API calls 96507->96508 96509 fc1174 96508->96509 96510 fca961 22 API calls 96509->96510 96511 fc117e 96510->96511 96512 fca961 22 API calls 96511->96512 96513 fc1188 96512->96513 96514 fca961 22 API calls 96513->96514 96515 fc11c6 96514->96515 96516 fca961 22 API calls 96515->96516 96517 fc1292 96516->96517 96550 fc171c 96517->96550 96521 fc12c4 96522 fca961 22 API calls 96521->96522 96523 fc12ce 96522->96523 96524 fd1940 9 API calls 96523->96524 96525 fc12f9 96524->96525 96571 fc1aab 96525->96571 96527 fc1315 96528 fc1325 GetStdHandle 96527->96528 96529 1002485 96528->96529 96530 fc137a 96528->96530 96529->96530 96531 100248e 96529->96531 96533 fc1387 OleInitialize 96530->96533 96532 fdfddb 22 API calls 96531->96532 96534 1002495 96532->96534 96533->96500 96578 103011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96534->96578 96536 100249e 96579 1030944 CreateThread 96536->96579 96538 10024aa CloseHandle 96538->96530 96539->96502 96580 fc13f1 96540->96580 96543 fc13f1 22 API calls 96544 fc13d0 96543->96544 96545 fca961 22 API calls 96544->96545 96546 fc13dc 96545->96546 96547 fc6b57 22 API calls 96546->96547 96548 fc1129 96547->96548 96549 fc1bc3 6 API calls 96548->96549 96549->96507 96551 fca961 22 API calls 96550->96551 96552 fc172c 96551->96552 96553 fca961 22 API calls 96552->96553 96554 fc1734 96553->96554 96555 fca961 22 API calls 96554->96555 96556 fc174f 96555->96556 96557 fdfddb 22 API calls 96556->96557 96558 fc129c 96557->96558 96559 fc1b4a 96558->96559 96560 fc1b58 96559->96560 96561 fca961 22 API calls 96560->96561 96562 fc1b63 96561->96562 96563 fca961 22 API calls 96562->96563 96564 fc1b6e 96563->96564 96565 fca961 22 API calls 96564->96565 96566 fc1b79 96565->96566 96567 fca961 22 API calls 96566->96567 96568 fc1b84 96567->96568 96569 fdfddb 22 API calls 96568->96569 96570 fc1b96 RegisterWindowMessageW 96569->96570 96570->96521 96572 fc1abb 96571->96572 96573 100272d 96571->96573 96574 fdfddb 22 API calls 96572->96574 96587 1033209 23 API calls 96573->96587 96576 fc1ac3 96574->96576 96576->96527 96577 1002738 96578->96536 96579->96538 96588 103092a 28 API calls 96579->96588 96581 fca961 22 API calls 96580->96581 96582 fc13fc 96581->96582 96583 fca961 22 API calls 96582->96583 96584 fc1404 96583->96584 96585 fca961 22 API calls 96584->96585 96586 fc13c6 96585->96586 96586->96543 96587->96577 96589 ff8402 96594 ff81be 96589->96594 96592 ff842a 96599 ff81ef try_get_first_available_module 96594->96599 96596 ff83ee 96613 ff27ec 26 API calls __wsopen_s 96596->96613 96598 ff8343 96598->96592 96606 1000984 96598->96606 96602 ff8338 96599->96602 96609 fe8e0b 40 API calls 2 library calls 96599->96609 96601 ff838c 96601->96602 96610 fe8e0b 40 API calls 2 library calls 96601->96610 96602->96598 96612 fef2d9 20 API calls __dosmaperr 96602->96612 96604 ff83ab 96604->96602 96611 fe8e0b 40 API calls 2 library calls 96604->96611 96614 1000081 96606->96614 96608 100099f 96608->96592 96609->96601 96610->96604 96611->96602 96612->96596 96613->96598 96617 100008d ___BuildCatchObject 96614->96617 96615 100009b 96671 fef2d9 20 API calls __dosmaperr 96615->96671 96617->96615 96619 10000d4 96617->96619 96618 10000a0 96672 ff27ec 26 API calls __wsopen_s 96618->96672 96625 100065b 96619->96625 96624 10000aa __wsopen_s 96624->96608 96626 1000678 96625->96626 96627 10006a6 96626->96627 96628 100068d 96626->96628 96674 ff5221 96627->96674 96688 fef2c6 20 API calls __dosmaperr 96628->96688 96631 10006ab 96632 10006b4 96631->96632 96633 10006cb 96631->96633 96690 fef2c6 20 API calls __dosmaperr 96632->96690 96687 100039a CreateFileW 96633->96687 96637 10006b9 96691 fef2d9 20 API calls __dosmaperr 96637->96691 96639 1000781 GetFileType 96640 100078c GetLastError 96639->96640 96645 10007d3 96639->96645 96694 fef2a3 20 API calls __dosmaperr 96640->96694 96641 1000692 96689 fef2d9 20 API calls __dosmaperr 96641->96689 96642 1000704 96642->96639 96643 1000756 GetLastError 96642->96643 96692 100039a CreateFileW 96642->96692 96693 fef2a3 20 API calls __dosmaperr 96643->96693 96696 ff516a 21 API calls 2 library calls 96645->96696 96647 100079a CloseHandle 96647->96641 96649 10007c3 96647->96649 96695 fef2d9 20 API calls __dosmaperr 96649->96695 96651 1000749 96651->96639 96651->96643 96653 10007f4 96655 1000840 96653->96655 96697 10005ab 72 API calls 3 library calls 96653->96697 96654 10007c8 96654->96641 96659 100086d 96655->96659 96698 100014d 72 API calls 4 library calls 96655->96698 96658 1000866 96658->96659 96660 100087e 96658->96660 96661 ff86ae __wsopen_s 29 API calls 96659->96661 96662 10000f8 96660->96662 96663 10008fc CloseHandle 96660->96663 96661->96662 96673 1000121 LeaveCriticalSection __wsopen_s 96662->96673 96699 100039a CreateFileW 96663->96699 96665 1000927 96666 1000931 GetLastError 96665->96666 96667 100095d 96665->96667 96700 fef2a3 20 API calls __dosmaperr 96666->96700 96667->96662 96669 100093d 96701 ff5333 21 API calls 2 library calls 96669->96701 96671->96618 96672->96624 96673->96624 96675 ff522d ___BuildCatchObject 96674->96675 96702 ff2f5e EnterCriticalSection 96675->96702 96677 ff5234 96678 ff5259 96677->96678 96683 ff52c7 EnterCriticalSection 96677->96683 96684 ff527b 96677->96684 96680 ff5000 __wsopen_s 21 API calls 96678->96680 96682 ff525e 96680->96682 96681 ff52a4 __wsopen_s 96681->96631 96682->96684 96706 ff5147 EnterCriticalSection 96682->96706 96683->96684 96685 ff52d4 LeaveCriticalSection 96683->96685 96703 ff532a 96684->96703 96685->96677 96687->96642 96688->96641 96689->96662 96690->96637 96691->96641 96692->96651 96693->96641 96694->96647 96695->96654 96696->96653 96697->96655 96698->96658 96699->96665 96700->96669 96701->96667 96702->96677 96707 ff2fa6 LeaveCriticalSection 96703->96707 96705 ff5331 96705->96681 96706->96684 96707->96705 96708 fc2de3 96709 fc2df0 __wsopen_s 96708->96709 96710 fc2e09 96709->96710 96711 1002c2b ___scrt_fastfail 96709->96711 96712 fc3aa2 23 API calls 96710->96712 96713 1002c47 GetOpenFileNameW 96711->96713 96714 fc2e12 96712->96714 96715 1002c96 96713->96715 96724 fc2da5 96714->96724 96717 fc6b57 22 API calls 96715->96717 96719 1002cab 96717->96719 96719->96719 96721 fc2e27 96742 fc44a8 96721->96742 96725 1001f50 __wsopen_s 96724->96725 96726 fc2db2 GetLongPathNameW 96725->96726 96727 fc6b57 22 API calls 96726->96727 96728 fc2dda 96727->96728 96729 fc3598 96728->96729 96730 fca961 22 API calls 96729->96730 96731 fc35aa 96730->96731 96732 fc3aa2 23 API calls 96731->96732 96733 fc35b5 96732->96733 96734 10032eb 96733->96734 96735 fc35c0 96733->96735 96740 100330d 96734->96740 96777 fdce60 41 API calls 96734->96777 96736 fc515f 22 API calls 96735->96736 96738 fc35cc 96736->96738 96771 fc35f3 96738->96771 96741 fc35df 96741->96721 96743 fc4ecb 94 API calls 96742->96743 96744 fc44cd 96743->96744 96745 1003833 96744->96745 96746 fc4ecb 94 API calls 96744->96746 96747 1032cf9 80 API calls 96745->96747 96749 fc44e1 96746->96749 96748 1003848 96747->96748 96750 1003869 96748->96750 96751 100384c 96748->96751 96749->96745 96752 fc44e9 96749->96752 96754 fdfe0b 22 API calls 96750->96754 96753 fc4f39 68 API calls 96751->96753 96755 1003854 96752->96755 96756 fc44f5 96752->96756 96753->96755 96770 10038ae 96754->96770 96779 102da5a 82 API calls 96755->96779 96778 fc940c 136 API calls 2 library calls 96756->96778 96759 1003862 96759->96750 96760 fc2e31 96761 fc4f39 68 API calls 96764 1003a5f 96761->96764 96764->96761 96785 102989b 82 API calls __wsopen_s 96764->96785 96767 fc9cb3 22 API calls 96767->96770 96770->96764 96770->96767 96780 102967e 22 API calls __fread_nolock 96770->96780 96781 10295ad 42 API calls _wcslen 96770->96781 96782 1030b5a 22 API calls 96770->96782 96783 fca4a1 22 API calls __fread_nolock 96770->96783 96784 fc3ff7 22 API calls 96770->96784 96772 fc3605 96771->96772 96776 fc3624 __fread_nolock 96771->96776 96774 fdfe0b 22 API calls 96772->96774 96773 fdfddb 22 API calls 96775 fc363b 96773->96775 96774->96776 96775->96741 96776->96773 96777->96734 96778->96760 96779->96759 96780->96770 96781->96770 96782->96770 96783->96770 96784->96770 96785->96764

                          Executed Functions

                          Function 00FC42DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 389 fc42de-fc434d call fca961 GetVersionExW call fc6b57 394 1003617-100362a 389->394 395 fc4353 389->395 397 100362b-100362f 394->397 396 fc4355-fc4357 395->396 398 fc435d-fc43bc call fc93b2 call fc37a0 396->398 399 1003656 396->399 400 1003631 397->400 401 1003632-100363e 397->401 418 fc43c2-fc43c4 398->418 419 10037df-10037e6 398->419 405 100365d-1003660 399->405 400->401 401->397 402 1003640-1003642 401->402 402->396 404 1003648-100364f 402->404 404->394 407 1003651 404->407 408 1003666-10036a8 405->408 409 fc441b-fc4435 GetCurrentProcess IsWow64Process 405->409 407->399 408->409 413 10036ae-10036b1 408->413 411 fc4494-fc449a 409->411 412 fc4437 409->412 415 fc443d-fc4449 411->415 412->415 416 10036b3-10036bd 413->416 417 10036db-10036e5 413->417 420 fc444f-fc445e LoadLibraryA 415->420 421 1003824-1003828 GetSystemInfo 415->421 422 10036ca-10036d6 416->422 423 10036bf-10036c5 416->423 425 10036e7-10036f3 417->425 426 10036f8-1003702 417->426 418->405 424 fc43ca-fc43dd 418->424 427 1003806-1003809 419->427 428 10037e8 419->428 431 fc449c-fc44a6 GetSystemInfo 420->431 432 fc4460-fc446e GetProcAddress 420->432 422->409 423->409 433 1003726-100372f 424->433 434 fc43e3-fc43e5 424->434 425->409 436 1003704-1003710 426->436 437 1003715-1003721 426->437 429 10037f4-10037fc 427->429 430 100380b-100381a 427->430 435 10037ee 428->435 429->427 430->435 440 100381c-1003822 430->440 442 fc4476-fc4478 431->442 432->431 441 fc4470-fc4474 GetNativeSystemInfo 432->441 438 1003731-1003737 433->438 439 100373c-1003748 433->439 443 fc43eb-fc43ee 434->443 444 100374d-1003762 434->444 435->429 436->409 437->409 438->409 439->409 440->429 441->442 447 fc447a-fc447b FreeLibrary 442->447 448 fc4481-fc4493 442->448 449 1003791-1003794 443->449 450 fc43f4-fc440f 443->450 445 1003764-100376a 444->445 446 100376f-100377b 444->446 445->409 446->409 447->448 449->409 453 100379a-10037c1 449->453 451 1003780-100378c 450->451 452 fc4415 450->452 451->409 452->409 454 10037c3-10037c9 453->454 455 10037ce-10037da 453->455 454->409 455->409
                          APIs
                          • GetVersionExW.KERNEL32(?), ref: 00FC430D
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          • GetCurrentProcess.KERNEL32(?,0105CB64,00000000,?,?), ref: 00FC4422
                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 00FC4429
                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00FC4454
                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00FC4466
                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00FC4474
                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 00FC447B
                          • GetSystemInfo.KERNEL32(?,?,?), ref: 00FC44A0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                          • API String ID: 3290436268-3101561225
                          • Opcode ID: 494dd4c5d6ee55b917f6dfc0c890869f2ac371f997f6d7695a08aa8926e0f9e4
                          • Instruction ID: 3f7d477aad0342a08738c9175e40d814702504c07a1491ee1366a27fc0b78cb9
                          • Opcode Fuzzy Hash: 494dd4c5d6ee55b917f6dfc0c890869f2ac371f997f6d7695a08aa8926e0f9e4
                          • Instruction Fuzzy Hash: F0A1B136B0A3C3CFD737C76975616A53FF47B26220B18C89DD8C1A7A4AD23A4508DB61
                          Function 00FC42A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 793 fc42a2-fc42ba CreateStreamOnHGlobal 794 fc42bc-fc42d3 FindResourceExW 793->794 795 fc42da-fc42dd 793->795 796 fc42d9 794->796 797 10035ba-10035c9 LoadResource 794->797 796->795 797->796 798 10035cf-10035dd SizeofResource 797->798 798->796 799 10035e3-10035ee LockResource 798->799 799->796 800 10035f4-1003612 799->800 800->796
                          APIs
                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00FC50AA,?,?,00000000,00000000), ref: 00FC42B2
                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00FC50AA,?,?,00000000,00000000), ref: 00FC42C9
                          • LoadResource.KERNEL32(?,00000000,?,?,00FC50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FC4F20), ref: 010035BE
                          • SizeofResource.KERNEL32(?,00000000,?,?,00FC50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FC4F20), ref: 010035D3
                          • LockResource.KERNEL32(00FC50AA,?,?,00FC50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FC4F20,?), ref: 010035E6
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                          • String ID: SCRIPT
                          • API String ID: 3051347437-3967369404
                          • Opcode ID: 4235410384bc762cab5ede1da8cab6bdeca45d6c8433fa4d8a6d50e5de14b4ad
                          • Instruction ID: be72716bdc11c7f8020ab9401f8071fa4b3caddc35a9569bc60400980ef57826
                          • Opcode Fuzzy Hash: 4235410384bc762cab5ede1da8cab6bdeca45d6c8433fa4d8a6d50e5de14b4ad
                          • Instruction Fuzzy Hash: BD11AC70200301BFE7258B65DE4AF677BBDEBC5B51F20456DB84686290DB72E800E630
                          Function 01002BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00FC2B6B
                            • Part of subcall function 00FC3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01091418,?,00FC2E7F,?,?,?,00000000), ref: 00FC3A78
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • GetForegroundWindow.USER32(runas,?,?,?,?,?,01082224), ref: 01002C10
                          • ShellExecuteW.SHELL32(00000000,?,?,01082224), ref: 01002C17
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                          • String ID: runas
                          • API String ID: 448630720-4000483414
                          • Opcode ID: 8f06db7dfe5c8a2be31493b4006abe9be7e98cb2217133850b685837d0570612
                          • Instruction ID: cbf7ae887d1394f1cdef8d59090d4c5a0e0855b99b2e0244f237a1b178c8fd06
                          • Opcode Fuzzy Hash: 8f06db7dfe5c8a2be31493b4006abe9be7e98cb2217133850b685837d0570612
                          • Instruction Fuzzy Hash: 2511D2316083476ACB15FF20DE57F6EBBA4EB95360F44442CB1C206092CF398A4AA712
                          Function 0104A67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0104A6AC
                          • Process32FirstW.KERNEL32(00000000,?), ref: 0104A6BA
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • Process32NextW.KERNEL32(00000000,?), ref: 0104A79C
                          • CloseHandle.KERNELBASE(00000000), ref: 0104A7AB
                            • Part of subcall function 00FDCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,01003303,?), ref: 00FDCE8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                          • String ID:
                          • API String ID: 1991900642-0
                          • Opcode ID: e6b6c5ca683c64a87f92b0cdd309dc4dbd2c881e7791fd22e0a283d3f52c5944
                          • Instruction ID: f0b2b772cb85bf416c70cb1a2541c179a72cf25585b3b6ac68e39768965945e0
                          • Opcode Fuzzy Hash: e6b6c5ca683c64a87f92b0cdd309dc4dbd2c881e7791fd22e0a283d3f52c5944
                          • Instruction Fuzzy Hash: F3515AB1508301AFD710EF24C986E6BBBE8FF89714F40492DF58697291EB35D904CB92
                          Function 0102DBBE Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1019 102dbbe-102dbda lstrlenW 1020 102dc06 1019->1020 1021 102dbdc-102dbe6 GetFileAttributesW 1019->1021 1023 102dc09-102dc0d 1020->1023 1022 102dbe8-102dbf7 FindFirstFileW 1021->1022 1021->1023 1022->1020 1024 102dbf9-102dc04 FindClose 1022->1024 1024->1023
                          APIs
                          • lstrlenW.KERNEL32(?,01005222), ref: 0102DBCE
                          • GetFileAttributesW.KERNELBASE(?), ref: 0102DBDD
                          • FindFirstFileW.KERNEL32(?,?), ref: 0102DBEE
                          • FindClose.KERNEL32(00000000), ref: 0102DBFA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FileFind$AttributesCloseFirstlstrlen
                          • String ID:
                          • API String ID: 2695905019-0
                          • Opcode ID: bce5978e741563c33c4fb806dc7e7a4ee72ba825df4101d462c2f179f085d9b5
                          • Instruction ID: d27fee451edac0084c1e7186d7e543746e2a3cdb5ad72d073924d8a6adf9f986
                          • Opcode Fuzzy Hash: bce5978e741563c33c4fb806dc7e7a4ee72ba825df4101d462c2f179f085d9b5
                          • Instruction Fuzzy Hash: A1F0A73041072597A3306BBC990D46B37AC9E01375B104742F4B5D20D0EBB55D548795
                          Function 00FE4CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetCurrentProcess.KERNEL32(00FF28E9,?,00FE4CBE,00FF28E9,010888B8,0000000C,00FE4E15,00FF28E9,00000002,00000000,?,00FF28E9), ref: 00FE4D09
                          • TerminateProcess.KERNEL32(00000000,?,00FE4CBE,00FF28E9,010888B8,0000000C,00FE4E15,00FF28E9,00000002,00000000,?,00FF28E9), ref: 00FE4D10
                          • ExitProcess.KERNEL32 ref: 00FE4D22
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$CurrentExitTerminate
                          • String ID:
                          • API String ID: 1703294689-0
                          • Opcode ID: 9443e3c33376cda0d0ef766efa3c7589611274697e793ff4432481b89db27a71
                          • Instruction ID: 93bfba5beed54f4bdf10c5ada5d6904e6097fa4f447473c8575523c92e4e32fe
                          • Opcode Fuzzy Hash: 9443e3c33376cda0d0ef766efa3c7589611274697e793ff4432481b89db27a71
                          • Instruction Fuzzy Hash: A8E0B631400388ABDF31AF55DE09A593F6DEF81791B104058FD45CA227CB3AEE42EB80
                          Function 0104AFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 104aff9-104b056 call fe2340 3 104b094-104b098 0->3 4 104b058-104b06b call fcb567 0->4 5 104b0dd-104b0e0 3->5 6 104b09a-104b0bb call fcb567 * 2 3->6 12 104b06d-104b092 call fcb567 * 2 4->12 13 104b0c8 4->13 8 104b0f5-104b119 call fc7510 call fc7620 5->8 9 104b0e2-104b0e5 5->9 30 104b0bf-104b0c4 6->30 32 104b11f-104b178 call fc7510 call fc7620 call fc7510 call fc7620 call fc7510 call fc7620 8->32 33 104b1d8-104b1e0 8->33 14 104b0e8-104b0ed call fcb567 9->14 12->30 21 104b0cb-104b0cf 13->21 14->8 26 104b0d1-104b0d7 21->26 27 104b0d9-104b0db 21->27 26->14 27->5 27->8 30->5 34 104b0c6 30->34 81 104b1a6-104b1d6 GetSystemDirectoryW call fdfe0b GetSystemDirectoryW 32->81 82 104b17a-104b195 call fc7510 call fc7620 32->82 35 104b1e2-104b1fd call fc7510 call fc7620 33->35 36 104b20a-104b238 GetCurrentDirectoryW call fdfe0b GetCurrentDirectoryW 33->36 34->21 35->36 53 104b1ff-104b208 call fe4963 35->53 45 104b23c 36->45 47 104b240-104b244 45->47 50 104b275-104b285 call 10300d9 47->50 51 104b246-104b270 call fc9c6e * 3 47->51 64 104b287-104b289 50->64 65 104b28b-104b2e1 call 10307c0 call 10306e6 call 10305a7 50->65 51->50 53->36 53->50 68 104b2ee-104b2f2 64->68 65->68 96 104b2e3 65->96 70 104b2f8-104b321 call 10211c8 68->70 71 104b39a-104b3be CreateProcessW 68->71 87 104b323-104b328 call 1021201 70->87 88 104b32a call 10214ce 70->88 75 104b3c1-104b3d4 call fdfe14 * 2 71->75 101 104b3d6-104b3e8 75->101 102 104b42f-104b43d CloseHandle 75->102 81->45 82->81 107 104b197-104b1a0 call fe4963 82->107 100 104b32f-104b33c call fe4963 87->100 88->100 96->68 117 104b347-104b357 call fe4963 100->117 118 104b33e-104b345 100->118 105 104b3ed-104b3fc 101->105 106 104b3ea 101->106 109 104b49c 102->109 110 104b43f-104b444 102->110 113 104b401-104b42a GetLastError call fc630c call fccfa0 105->113 114 104b3fe 105->114 106->105 107->47 107->81 115 104b4a0-104b4a4 109->115 111 104b446-104b44c CloseHandle 110->111 112 104b451-104b456 110->112 111->112 120 104b463-104b468 112->120 121 104b458-104b45e CloseHandle 112->121 130 104b4e5-104b4f6 call 1030175 113->130 114->113 123 104b4a6-104b4b0 115->123 124 104b4b2-104b4bc 115->124 134 104b362-104b372 call fe4963 117->134 135 104b359-104b360 117->135 118->117 118->118 127 104b475-104b49a call 10309d9 call 104b536 120->127 128 104b46a-104b470 CloseHandle 120->128 121->120 123->130 131 104b4c4-104b4e3 call fccfa0 CloseHandle 124->131 132 104b4be 124->132 127->115 128->127 131->130 132->131 146 104b374-104b37b 134->146 147 104b37d-104b398 call fdfe14 * 3 134->147 135->134 135->135 146->146 146->147 147->75
                          APIs
                          • _wcslen.LIBCMT ref: 0104B198
                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0104B1B0
                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0104B1D4
                          • _wcslen.LIBCMT ref: 0104B200
                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0104B214
                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0104B236
                          • _wcslen.LIBCMT ref: 0104B332
                            • Part of subcall function 010305A7: GetStdHandle.KERNEL32(000000F6), ref: 010305C6
                          • _wcslen.LIBCMT ref: 0104B34B
                          • _wcslen.LIBCMT ref: 0104B366
                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0104B3B6
                          • GetLastError.KERNEL32(00000000), ref: 0104B407
                          • CloseHandle.KERNEL32(?), ref: 0104B439
                          • CloseHandle.KERNEL32(00000000), ref: 0104B44A
                          • CloseHandle.KERNEL32(00000000), ref: 0104B45C
                          • CloseHandle.KERNEL32(00000000), ref: 0104B46E
                          • CloseHandle.KERNEL32(?), ref: 0104B4E3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                          • String ID:
                          • API String ID: 2178637699-0
                          • Opcode ID: 47e69bc25ad6e775ec2f74e4f4711ebada138563f8ea4a4b41657078b5264541
                          • Instruction ID: c49c21d50cbe57a629905fe4e0a37db726549338ffdb7a021979e2c9a131cfa1
                          • Opcode Fuzzy Hash: 47e69bc25ad6e775ec2f74e4f4711ebada138563f8ea4a4b41657078b5264541
                          • Instruction Fuzzy Hash: 84F1C1715043419FD714EF28C981B6EBBE5AF85310F1889ADF8C59B2A2CB35EC04CB52
                          Function 00FCD730 Relevance: 21.6, APIs: 14, Instructions: 625windowsleeptimeCOMMON
                          Download Yara Rule
                          APIs
                          • GetInputState.USER32 ref: 00FCD807
                          • timeGetTime.WINMM ref: 00FCDA07
                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FCDB28
                          • TranslateMessage.USER32(?), ref: 00FCDB7B
                          • DispatchMessageW.USER32(?), ref: 00FCDB89
                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FCDB9F
                          • Sleep.KERNELBASE(0000000A), ref: 00FCDBB1
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                          • String ID:
                          • API String ID: 2189390790-0
                          • Opcode ID: 561ddfe8ef13756b2d0ed3d79e3d61dbb2846f5f43f6e1fb1421f67ce7ec3acf
                          • Instruction ID: e7e81a4a8758e30bdbf9c5ba106af1f2ed58939a420b2356171cb5f732bf19b1
                          • Opcode Fuzzy Hash: 561ddfe8ef13756b2d0ed3d79e3d61dbb2846f5f43f6e1fb1421f67ce7ec3acf
                          • Instruction Fuzzy Hash: 9F420130608342EFD739CB24C986FAEBBE1BF85314F14456DE59687281D779E844EB82
                          Function 00FC2CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • GetSysColorBrush.USER32(0000000F), ref: 00FC2D07
                          • RegisterClassExW.USER32(00000030), ref: 00FC2D31
                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FC2D42
                          • InitCommonControlsEx.COMCTL32(?), ref: 00FC2D5F
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FC2D6F
                          • LoadIconW.USER32(000000A9), ref: 00FC2D85
                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FC2D94
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                          • API String ID: 2914291525-1005189915
                          • Opcode ID: 6afa300eefaf45f8757d058eb65160c87c76e215e09825eb48aabb0c23359ba9
                          • Instruction ID: f6bd92d1ed31fc1d42e7bddbb849b5a773573b0df0de3e8d7feb65056be4834a
                          • Opcode Fuzzy Hash: 6afa300eefaf45f8757d058eb65160c87c76e215e09825eb48aabb0c23359ba9
                          • Instruction Fuzzy Hash: 2D211FB5E01309AFEB10DF94E949BDE7FB8FB08710F00811AF591A6284D7BA0544CF51
                          Function 0100065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 457 100065b-100068b call 100042f 460 10006a6-10006b2 call ff5221 457->460 461 100068d-1000698 call fef2c6 457->461 466 10006b4-10006c9 call fef2c6 call fef2d9 460->466 467 10006cb-1000714 call 100039a 460->467 468 100069a-10006a1 call fef2d9 461->468 466->468 476 1000781-100078a GetFileType 467->476 477 1000716-100071f 467->477 478 100097d-1000983 468->478 479 10007d3-10007d6 476->479 480 100078c-10007bd GetLastError call fef2a3 CloseHandle 476->480 482 1000721-1000725 477->482 483 1000756-100077c GetLastError call fef2a3 477->483 485 10007d8-10007dd 479->485 486 10007df-10007e5 479->486 480->468 494 10007c3-10007ce call fef2d9 480->494 482->483 487 1000727-1000754 call 100039a 482->487 483->468 491 10007e9-1000837 call ff516a 485->491 486->491 492 10007e7 486->492 487->476 487->483 500 1000847-100086b call 100014d 491->500 501 1000839-1000845 call 10005ab 491->501 492->491 494->468 507 100086d 500->507 508 100087e-10008c1 500->508 501->500 506 100086f-1000879 call ff86ae 501->506 506->478 507->506 510 10008e2-10008f0 508->510 511 10008c3-10008c7 508->511 514 10008f6-10008fa 510->514 515 100097b 510->515 511->510 513 10008c9-10008dd 511->513 513->510 514->515 516 10008fc-100092f CloseHandle call 100039a 514->516 515->478 519 1000931-100095d GetLastError call fef2a3 call ff5333 516->519 520 1000963-1000977 516->520 519->520 520->515
                          APIs
                            • Part of subcall function 0100039A: CreateFileW.KERNELBASE(00000000,00000000,?,01000704,?,?,00000000,?,01000704,00000000,0000000C), ref: 010003B7
                          • GetLastError.KERNEL32 ref: 0100076F
                          • __dosmaperr.LIBCMT ref: 01000776
                          • GetFileType.KERNELBASE(00000000), ref: 01000782
                          • GetLastError.KERNEL32 ref: 0100078C
                          • __dosmaperr.LIBCMT ref: 01000795
                          • CloseHandle.KERNEL32(00000000), ref: 010007B5
                          • CloseHandle.KERNEL32(?), ref: 010008FF
                          • GetLastError.KERNEL32 ref: 01000931
                          • __dosmaperr.LIBCMT ref: 01000938
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                          • String ID: H
                          • API String ID: 4237864984-2852464175
                          • Opcode ID: 1957df415e83bfb38dd8fb906b90e26d9e9937177fbd4caf397b29a7823106bc
                          • Instruction ID: 6f2e8e3193ebb7a94ef8146bb6d9854d4ed72ad4c314852319a663df5ae085f7
                          • Opcode Fuzzy Hash: 1957df415e83bfb38dd8fb906b90e26d9e9937177fbd4caf397b29a7823106bc
                          • Instruction Fuzzy Hash: A1A12932A041488FEF1AAF68DC51BAE3BE5EB06360F144199F8959B2D5D7398902CB51
                          Function 00FC344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                            • Part of subcall function 00FC3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01091418,?,00FC2E7F,?,?,?,00000000), ref: 00FC3A78
                            • Part of subcall function 00FC3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FC3379
                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00FC356A
                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0100318D
                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 010031CE
                          • RegCloseKey.ADVAPI32(?), ref: 01003210
                          • _wcslen.LIBCMT ref: 01003277
                          • _wcslen.LIBCMT ref: 01003286
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                          • API String ID: 98802146-2727554177
                          • Opcode ID: 75744d36ed779a116fef917ab54c35e94ecbcd2ccb4fad78770ed7f40c5f1de8
                          • Instruction ID: b7ccdb29df7f383537b286cf6910e05ddac062d75dd8c687715a607023b252e0
                          • Opcode Fuzzy Hash: 75744d36ed779a116fef917ab54c35e94ecbcd2ccb4fad78770ed7f40c5f1de8
                          • Instruction Fuzzy Hash: 11710171408302AED325DF29DD92DABBBE8FF85340F40882EF5C5871A4EB369548CB52
                          Function 00FC2B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • GetSysColorBrush.USER32(0000000F), ref: 00FC2B8E
                          • LoadCursorW.USER32(00000000,00007F00), ref: 00FC2B9D
                          • LoadIconW.USER32(00000063), ref: 00FC2BB3
                          • LoadIconW.USER32(000000A4), ref: 00FC2BC5
                          • LoadIconW.USER32(000000A2), ref: 00FC2BD7
                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FC2BEF
                          • RegisterClassExW.USER32(?), ref: 00FC2C40
                            • Part of subcall function 00FC2CD4: GetSysColorBrush.USER32(0000000F), ref: 00FC2D07
                            • Part of subcall function 00FC2CD4: RegisterClassExW.USER32(00000030), ref: 00FC2D31
                            • Part of subcall function 00FC2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FC2D42
                            • Part of subcall function 00FC2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00FC2D5F
                            • Part of subcall function 00FC2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FC2D6F
                            • Part of subcall function 00FC2CD4: LoadIconW.USER32(000000A9), ref: 00FC2D85
                            • Part of subcall function 00FC2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FC2D94
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                          • String ID: #$0$AutoIt v3
                          • API String ID: 423443420-4155596026
                          • Opcode ID: 040fbf69329962dcd8f146d1bfc46befc4b202b6e5473db25ced5c89c630c4af
                          • Instruction ID: d81656ca3abe46dee2a9684f8bb08950157ee91d2ddb65f98adcfd8c140e6cf5
                          • Opcode Fuzzy Hash: 040fbf69329962dcd8f146d1bfc46befc4b202b6e5473db25ced5c89c630c4af
                          • Instruction Fuzzy Hash: DE216F70F00319AFDB209FA5E965B9E7FB9FB08B60F00C11AF584A6684D7BA0540DF90
                          Function 00FC3170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 598 fc3170-fc3185 599 fc31e5-fc31e7 598->599 600 fc3187-fc318a 598->600 599->600 601 fc31e9 599->601 602 fc318c-fc3193 600->602 603 fc31eb 600->603 604 fc31d0-fc31d8 DefWindowProcW 601->604 607 fc3199-fc319e 602->607 608 fc3265-fc326d PostQuitMessage 602->608 605 1002dfb-1002e23 call fc18e2 call fde499 603->605 606 fc31f1-fc31f6 603->606 609 fc31de-fc31e4 604->609 644 1002e28-1002e2f 605->644 611 fc321d-fc3244 SetTimer RegisterWindowMessageW 606->611 612 fc31f8-fc31fb 606->612 614 fc31a4-fc31a8 607->614 615 1002e7c-1002e90 call 102bf30 607->615 610 fc3219-fc321b 608->610 610->609 611->610 619 fc3246-fc3251 CreatePopupMenu 611->619 616 1002d9c-1002d9f 612->616 617 fc3201-fc320f KillTimer call fc30f2 612->617 620 fc31ae-fc31b3 614->620 621 1002e68-1002e72 call 102c161 614->621 615->610 639 1002e96 615->639 623 1002da1-1002da5 616->623 624 1002dd7-1002df6 MoveWindow 616->624 634 fc3214 call fc3c50 617->634 619->610 628 fc31b9-fc31be 620->628 629 1002e4d-1002e54 620->629 635 1002e77 621->635 631 1002dc6-1002dd2 SetFocus 623->631 632 1002da7-1002daa 623->632 624->610 637 fc31c4-fc31ca 628->637 638 fc3253-fc3263 call fc326f 628->638 629->604 633 1002e5a-1002e63 call 1020ad7 629->633 631->610 632->637 640 1002db0-1002dc1 call fc18e2 632->640 633->604 634->610 635->610 637->604 637->644 638->610 639->604 640->610 644->604 645 1002e35-1002e48 call fc30f2 call fc3837 644->645 645->604
                          APIs
                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00FC316A,?,?), ref: 00FC31D8
                          • KillTimer.USER32(?,00000001,?,?,?,?,?,00FC316A,?,?), ref: 00FC3204
                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FC3227
                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00FC316A,?,?), ref: 00FC3232
                          • CreatePopupMenu.USER32 ref: 00FC3246
                          • PostQuitMessage.USER32(00000000), ref: 00FC3267
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                          • String ID: TaskbarCreated
                          • API String ID: 129472671-2362178303
                          • Opcode ID: db4620b6ee4e2cfe45399c720e59af9ee4240765c5e14a7e6d6ff331bc848c78
                          • Instruction ID: 28e0acec37f75cc013b3d3723fd178a7b08f997394cc748643f8bede28cd10b8
                          • Opcode Fuzzy Hash: db4620b6ee4e2cfe45399c720e59af9ee4240765c5e14a7e6d6ff331bc848c78
                          • Instruction Fuzzy Hash: D441F436B44207AAEF251B289F1FFBA3A69F7053A0F08C11DF58285585C67A8E40B761
                          Function 00FC1410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 654 fc1410-fc1449 655 fc144f-fc1465 mciSendStringW 654->655 656 10024b8-10024b9 DestroyWindow 654->656 657 fc146b-fc1473 655->657 658 fc16c6-fc16d3 655->658 659 10024c4-10024d1 656->659 657->659 660 fc1479-fc1488 call fc182e 657->660 661 fc16f8-fc16ff 658->661 662 fc16d5-fc16f0 UnregisterHotKey 658->662 663 1002500-1002507 659->663 664 10024d3-10024d6 659->664 675 fc148e-fc1496 660->675 676 100250e-100251a 660->676 661->657 667 fc1705 661->667 662->661 666 fc16f2-fc16f3 call fc10d0 662->666 663->659 672 1002509 663->672 668 10024e2-10024e5 FindClose 664->668 669 10024d8-10024e0 call fc6246 664->669 666->661 667->658 674 10024eb-10024f8 668->674 669->674 672->676 674->663 678 10024fa-10024fb call 10332b1 674->678 679 fc149c-fc14c1 call fccfa0 675->679 680 1002532-100253f 675->680 681 1002524-100252b 676->681 682 100251c-100251e FreeLibrary 676->682 678->663 692 fc14f8-fc1503 CoUninitialize 679->692 693 fc14c3 679->693 684 1002541-100255e VirtualFree 680->684 685 1002566-100256d 680->685 681->676 683 100252d 681->683 682->681 683->680 684->685 688 1002560-1002561 call 1033317 684->688 685->680 689 100256f 685->689 688->685 694 1002574-1002578 689->694 692->694 695 fc1509-fc150e 692->695 696 fc14c6-fc14f6 call fc1a05 call fc19ae 693->696 694->695 699 100257e-1002584 694->699 697 fc1514-fc151e 695->697 698 1002589-1002596 call 10332eb 695->698 696->692 701 fc1524-fc15a5 call fc988f call fc1944 call fc17d5 call fdfe14 call fc177c call fc988f call fccfa0 call fc17fe call fdfe14 697->701 702 fc1707-fc1714 call fdf80e 697->702 710 1002598 698->710 699->695 716 100259d-10025bf call fdfdcd 701->716 744 fc15ab-fc15cf call fdfe14 701->744 702->701 715 fc171a 702->715 710->716 715->702 722 10025c1 716->722 725 10025c6-10025e8 call fdfdcd 722->725 732 10025ea 725->732 735 10025ef-1002611 call fdfdcd 732->735 740 1002613 735->740 743 1002618-1002625 call 10264d4 740->743 749 1002627 743->749 744->725 750 fc15d5-fc15f9 call fdfe14 744->750 752 100262c-1002639 call fdac64 749->752 750->735 755 fc15ff-fc1619 call fdfe14 750->755 759 100263b 752->759 755->743 760 fc161f-fc1643 call fc17d5 call fdfe14 755->760 762 1002640-100264d call 1033245 759->762 760->752 769 fc1649-fc1651 760->769 768 100264f 762->768 770 1002654-1002661 call 10332cc 768->770 769->762 771 fc1657-fc1675 call fc988f call fc190a 769->771 776 1002663 770->776 771->770 780 fc167b-fc1689 771->780 779 1002668-1002675 call 10332cc 776->779 785 1002677 779->785 780->779 782 fc168f-fc16c5 call fc988f * 3 call fc1876 780->782 785->785
                          APIs
                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00FC1459
                          • CoUninitialize.COMBASE ref: 00FC14F8
                          • UnregisterHotKey.USER32(?), ref: 00FC16DD
                          • DestroyWindow.USER32(?), ref: 010024B9
                          • FreeLibrary.KERNEL32(?), ref: 0100251E
                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0100254B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                          • String ID: close all
                          • API String ID: 469580280-3243417748
                          • Opcode ID: 78e67f3498d16ead2ea273b4a8cdfa3f6cf584aed4f431355e2f492729329d36
                          • Instruction ID: 7c6ab1aa894dd855db04ab9ad1232f0f2f34dae87c09e1c11ba8fae486a649a4
                          • Opcode Fuzzy Hash: 78e67f3498d16ead2ea273b4a8cdfa3f6cf584aed4f431355e2f492729329d36
                          • Instruction Fuzzy Hash: 5AD18D31701212CFEB1AEF14CA9AF29F7A4BF05710F14419DE58A6B292CB31AC26DF54
                          Function 00FC2C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 803 fc2c63-fc2cd3 CreateWindowExW * 2 ShowWindow * 2
                          APIs
                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FC2C91
                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FC2CB2
                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FC1CAD,?), ref: 00FC2CC6
                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FC1CAD,?), ref: 00FC2CCF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$CreateShow
                          • String ID: AutoIt v3$edit
                          • API String ID: 1584632944-3779509399
                          • Opcode ID: 8e1f16d8818497ca4acabb4814aabae637b518d764c7beab87ea6781e773c2a9
                          • Instruction ID: 5d9688299ff6f2ae4b34f8bd608aec288e26528c59b02a55ba07e304d100e932
                          • Opcode Fuzzy Hash: 8e1f16d8818497ca4acabb4814aabae637b518d764c7beab87ea6781e773c2a9
                          • Instruction Fuzzy Hash: 92F0DA756403957AEB311727AC1CE772EBDF7C6F60B00805EF944A6554C67A1850DBB0
                          Function 00FC3B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 954 fc3b1c-fc3b27 955 fc3b99-fc3b9b 954->955 956 fc3b29-fc3b2e 954->956 957 fc3b8c-fc3b8f 955->957 956->955 958 fc3b30-fc3b48 RegOpenKeyExW 956->958 958->955 959 fc3b4a-fc3b69 RegQueryValueExW 958->959 960 fc3b6b-fc3b76 959->960 961 fc3b80-fc3b8b RegCloseKey 959->961 962 fc3b78-fc3b7a 960->962 963 fc3b90-fc3b97 960->963 961->957 964 fc3b7e 962->964 963->964 964->961
                          APIs
                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00FC3B0F,SwapMouseButtons,00000004,?), ref: 00FC3B40
                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00FC3B0F,SwapMouseButtons,00000004,?), ref: 00FC3B61
                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00FC3B0F,SwapMouseButtons,00000004,?), ref: 00FC3B83
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseOpenQueryValue
                          • String ID: Control Panel\Mouse
                          • API String ID: 3677997916-824357125
                          • Opcode ID: 41ad193487217bec13801e172e0f758c9bb709ca1d145f43a0f077032b8a04a1
                          • Instruction ID: 920975529ef44fc8924940794ec411770bb4874ad0007b4bd5afbfff048cf6fd
                          • Opcode Fuzzy Hash: 41ad193487217bec13801e172e0f758c9bb709ca1d145f43a0f077032b8a04a1
                          • Instruction Fuzzy Hash: E3112AB5510209FFDB208FA5DD45EEFB7BCEF45794B108459B805D7114D231AE44AB60
                          Function 00FC3923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
                          Download Yara Rule
                          APIs
                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 010033A2
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FC3A04
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconLoadNotifyShell_String_wcslen
                          • String ID: Line:
                          • API String ID: 2289894680-1585850449
                          • Opcode ID: e36ff8a9d598a5659d56ace4be0c842ab66bffbc1f4cda47ba7af29a16ad24ab
                          • Instruction ID: 16404a1405b5a7c3bbb529c4437ffc05663b6ac4d15c05dc7a6cc76e5ed38f3d
                          • Opcode Fuzzy Hash: e36ff8a9d598a5659d56ace4be0c842ab66bffbc1f4cda47ba7af29a16ad24ab
                          • Instruction Fuzzy Hash: 8431C471908302AAD725EB20DD46FEBB7E8AB44760F00C91EF5D992181DB789648D7C2
                          Function 00FDFDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                          Download Yara Rule
                          APIs
                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00FE0668
                            • Part of subcall function 00FE32A4: RaiseException.KERNEL32(?,?,?,00FE068A,?,01091444,?,?,?,?,?,?,00FE068A,00FC1129,01088738,00FC1129), ref: 00FE3304
                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00FE0685
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Exception@8Throw$ExceptionRaise
                          • String ID: Unknown exception
                          • API String ID: 3476068407-410509341
                          • Opcode ID: b3cc78a59c5b195e0840ecb621e3c3a595e8c8e89de172a6d98d073128ef2655
                          • Instruction ID: a26982b27b007776ba85e01f4c44f1d74b33fcdc2e054a89addc7b1f867ce19d
                          • Opcode Fuzzy Hash: b3cc78a59c5b195e0840ecb621e3c3a595e8c8e89de172a6d98d073128ef2655
                          • Instruction Fuzzy Hash: B6F04C34C0038D73CB00B666DC4AD5E777E5E00320BA44136B964D6591EFB5DA69F9C0
                          Function 00FC10F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FC1BF4
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00FC1BFC
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FC1C07
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FC1C12
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00FC1C1A
                            • Part of subcall function 00FC1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00FC1C22
                            • Part of subcall function 00FC1B4A: RegisterWindowMessageW.USER32(00000004,?,00FC12C4), ref: 00FC1BA2
                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00FC136A
                          • OleInitialize.OLE32 ref: 00FC1388
                          • CloseHandle.KERNEL32(00000000,00000000), ref: 010024AB
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                          • String ID:
                          • API String ID: 1986988660-0
                          • Opcode ID: f0c2e127b0846eb88c228a6f7c4f446c58a347b2544e534f4b7fa8c2d203d355
                          • Instruction ID: bbfe7afc9247d8a5404b6c0d388243b25399be5f1322f595769d20ce9fdb6bbe
                          • Opcode Fuzzy Hash: f0c2e127b0846eb88c228a6f7c4f446c58a347b2544e534f4b7fa8c2d203d355
                          • Instruction Fuzzy Hash: 0B71BEB4B01303CFC7A5DF79E666A563AE4BB4836435A822ED4DAC7349EB3A4401DF41
                          Function 0102C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FC3A04
                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0102C259
                          • KillTimer.USER32(?,00000001,?,?), ref: 0102C261
                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0102C270
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconNotifyShell_Timer$Kill
                          • String ID:
                          • API String ID: 3500052701-0
                          • Opcode ID: fd81c1002801a3a02b68928e5c86b63ef511787c310921857501ae3e3021d5ab
                          • Instruction ID: fbf22ead45b3b0dccd69268d0d8f6a92ec692d0eefcc666553ff8608426ff950
                          • Opcode Fuzzy Hash: fd81c1002801a3a02b68928e5c86b63ef511787c310921857501ae3e3021d5ab
                          • Instruction Fuzzy Hash: CB31C070900364AFFB728B688955BEBBBECAB03308F00409AD6DE93241C7745688CB51
                          Function 00FF86AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,00FF85CC,?,01088CC8,0000000C), ref: 00FF8704
                          • GetLastError.KERNEL32(?,00FF85CC,?,01088CC8,0000000C), ref: 00FF870E
                          • __dosmaperr.LIBCMT ref: 00FF8739
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseErrorHandleLast__dosmaperr
                          • String ID:
                          • API String ID: 2583163307-0
                          • Opcode ID: 7418355e5935e62ac09d1d5062af30a1ae44b5a6fc9362709758e07106c48809
                          • Instruction ID: 1a03565daf1df0591768c00d9fe49a2ea8702b22a8d99f19423fbaea3f93ad97
                          • Opcode Fuzzy Hash: 7418355e5935e62ac09d1d5062af30a1ae44b5a6fc9362709758e07106c48809
                          • Instruction Fuzzy Hash: 02012F33E0566C16D7246234A84977E77894F82BF8F350119FB14DB1F2DE698C82B250
                          Function 00FCDB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON
                          Download Yara Rule
                          APIs
                          • TranslateMessage.USER32(?), ref: 00FCDB7B
                          • DispatchMessageW.USER32(?), ref: 00FCDB89
                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FCDB9F
                          • Sleep.KERNELBASE(0000000A), ref: 00FCDBB1
                          • TranslateAcceleratorW.USER32(?,?,?), ref: 01011CC9
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                          • String ID:
                          • API String ID: 3288985973-0
                          • Opcode ID: 64066d5ac6e69246021338e9c38bc23ca17488468776ff01dca71f3ade6fdf22
                          • Instruction ID: 773c47c3ae41e8c9dd76354494945b8837317d452429f8852260c0a5772baa24
                          • Opcode Fuzzy Hash: 64066d5ac6e69246021338e9c38bc23ca17488468776ff01dca71f3ade6fdf22
                          • Instruction Fuzzy Hash: A5F030306043459BEB348760DD55F9B73ADEB84310F104519E689870C4DB389448AB15
                          Function 00FD1310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON
                          Download Yara Rule
                          APIs
                          • __Init_thread_footer.LIBCMT ref: 00FD17F6
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Init_thread_footer
                          • String ID: CALL
                          • API String ID: 1385522511-4196123274
                          • Opcode ID: 0a8223f76732d9944ca0b675de9ad15cc7478d0294685c1f7e2dfb009f62b4bc
                          • Instruction ID: c492eb7212ee889249ed87550a13449d768ed7f8fe0acb4011971026f29135bc
                          • Opcode Fuzzy Hash: 0a8223f76732d9944ca0b675de9ad15cc7478d0294685c1f7e2dfb009f62b4bc
                          • Instruction Fuzzy Hash: 74228D71608301AFC714DF14C894B2ABBF2BF85314F18895EF4968B361D77AE845EB92
                          Function 00FC2DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                          Download Yara Rule
                          APIs
                          • GetOpenFileNameW.COMDLG32(?), ref: 01002C8C
                            • Part of subcall function 00FC3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FC3A97,?,?,00FC2E7F,?,?,?,00000000), ref: 00FC3AC2
                            • Part of subcall function 00FC2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00FC2DC4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Name$Path$FileFullLongOpen
                          • String ID: X
                          • API String ID: 779396738-3081909835
                          • Opcode ID: e0d0ac038c4f22cb2a873ef00eced9d9853b6c36123f6d897519b846b9b36f46
                          • Instruction ID: fe06a7654ef8ef8004061d8218dea429e775534935ecdc5ccb0f57e8c1056e6d
                          • Opcode Fuzzy Hash: e0d0ac038c4f22cb2a873ef00eced9d9853b6c36123f6d897519b846b9b36f46
                          • Instruction Fuzzy Hash: A121F671A002489FDB41EF98CC06BEE7BFCAF48314F00805DE445B7241DBB859499F61
                          Function 00FC3837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                          Download Yara Rule
                          APIs
                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FC3908
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconNotifyShell_
                          • String ID:
                          • API String ID: 1144537725-0
                          • Opcode ID: 4bc270019ff89160c6572d2bdd5a2de552b1428d5b38104f814a9d688f68fa7a
                          • Instruction ID: 5c204e7e0ba257170d7ec0346614079f5ec164204daf4bc72f40cbce1de50149
                          • Opcode Fuzzy Hash: 4bc270019ff89160c6572d2bdd5a2de552b1428d5b38104f814a9d688f68fa7a
                          • Instruction Fuzzy Hash: 8031E571A043029FE321DF24D585B97BBF8FB49358F00492EF5D983280E775AA04DB52
                          Function 00FDF645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                          Download Yara Rule
                          APIs
                          • timeGetTime.WINMM ref: 00FDF661
                            • Part of subcall function 00FCD730: GetInputState.USER32 ref: 00FCD807
                          • Sleep.KERNEL32(00000000), ref: 0101F2DE
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: InputSleepStateTimetime
                          • String ID:
                          • API String ID: 4149333218-0
                          • Opcode ID: 660789bfd1f83a20929c0e88c65689b487ba4aacbfbbc741a1b94f632cf25d2e
                          • Instruction ID: bf72d76a1acc187c3f99b9aa0c6128e4730fb499662818d942e8ec3f170acc5c
                          • Opcode Fuzzy Hash: 660789bfd1f83a20929c0e88c65689b487ba4aacbfbbc741a1b94f632cf25d2e
                          • Instruction Fuzzy Hash: E9F08C352407069FD310EF69DA4AF6AB7E8FF45760F00002AE89AC7350DB75A800DB90
                          Function 00FCB710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
                          Download Yara Rule
                          APIs
                          • __Init_thread_footer.LIBCMT ref: 00FCBB4E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Init_thread_footer
                          • String ID:
                          • API String ID: 1385522511-0
                          • Opcode ID: 0f6ca09279c4125ac62280f91a41574d5d364bb4abf72505ba89f267e0f08e1f
                          • Instruction ID: 0101c83646d7e39d8cd58421a10e5c930c2c7d1f1c4aff9fb3d7accd1ffea18b
                          • Opcode Fuzzy Hash: 0f6ca09279c4125ac62280f91a41574d5d364bb4abf72505ba89f267e0f08e1f
                          • Instruction Fuzzy Hash: 7E32EE39A0020AAFDB20CF58C996FBE77B9FF44310F148059F985AB259C779AD81DB50
                          Function 00FC4ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FC4EDD,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E9C
                            • Part of subcall function 00FC4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FC4EAE
                            • Part of subcall function 00FC4E90: FreeLibrary.KERNEL32(00000000,?,?,00FC4EDD,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4EC0
                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4EFD
                            • Part of subcall function 00FC4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,01003CDE,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E62
                            • Part of subcall function 00FC4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FC4E74
                            • Part of subcall function 00FC4E59: FreeLibrary.KERNEL32(00000000,?,?,01003CDE,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E87
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Library$Load$AddressFreeProc
                          • String ID:
                          • API String ID: 2632591731-0
                          • Opcode ID: 394744738be42582478fd3187e69f4a6e98ca6ca2ecdef318da3be5cf2fdf765
                          • Instruction ID: 38c69fc5c9b372b08ecc125c5d5efe645e646d9698cce36d9823b6542ee85b88
                          • Opcode Fuzzy Hash: 394744738be42582478fd3187e69f4a6e98ca6ca2ecdef318da3be5cf2fdf765
                          • Instruction Fuzzy Hash: 3D112732600306AADB11EB64DE23FAD77A5AF90B10F10442DF582EB1C1EE78BA44F750
                          Function 00FF8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: __wsopen_s
                          • String ID:
                          • API String ID: 3347428461-0
                          • Opcode ID: edce4a4a241de026a05265b20d9f47d61c438a3038a35f6edece0a628b5ca420
                          • Instruction ID: e47a4802f7a14a9a696d6bc903762feb9a92c5b2e3106ca53fa6fb03a2be71bd
                          • Opcode Fuzzy Hash: edce4a4a241de026a05265b20d9f47d61c438a3038a35f6edece0a628b5ca420
                          • Instruction Fuzzy Hash: 5C11487190410AAFCB05DF58E940AEE7BF8FF48310F104059F908AB311DB31DA12DBA4
                          Function 00FF5000 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FF4C7D: RtlAllocateHeap.NTDLL(00000008,00FC1129,00000000,?,00FF2E29,00000001,00000364,?,?,?,00FEF2DE,00FF3863,01091444,?,00FDFDF5,?), ref: 00FF4CBE
                          • _free.LIBCMT ref: 00FF506C
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AllocateHeap_free
                          • String ID:
                          • API String ID: 614378929-0
                          • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                          • Instruction ID: 4131120c8f85d05e89725b2c993b026b0422f8bd600ab86ea6dc6d8a3a70dfbd
                          • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                          • Instruction Fuzzy Hash: B1012B726047095BE3318E559C41A6AFBE8FF85370F25051DE39493280EA706805C674
                          Function 010529BF Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                          Download Yara Rule
                          APIs
                          • GetForegroundWindow.USER32(00000000,?,?,?,010514B5,?), ref: 01052A01
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ForegroundWindow
                          • String ID:
                          • API String ID: 2020703349-0
                          • Opcode ID: 22f7dca24d5e78e7a9d85da5be7d7ec449017b6a8fc22207acac3434541ee5b1
                          • Instruction ID: 3e77f1f956bce8be12aa77bbffb1716d447509de869d4d0a53968d3feb05221d
                          • Opcode Fuzzy Hash: 22f7dca24d5e78e7a9d85da5be7d7ec449017b6a8fc22207acac3434541ee5b1
                          • Instruction Fuzzy Hash: 2901B536300642DFE3A5CA2CC454B273BE2EFD5254F2984A8C5C78B255D732EC42C790
                          Function 00FEE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                          • Instruction ID: 6575b48395feadca492c25c4842b4c8b573b13e40330a849e6aa265d93f3c3d0
                          • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                          • Instruction Fuzzy Hash: B9F02D32521E5897C7313B6BEC05B6B33989F52374F100715F620931E2DF78D806B9A5
                          Function 00FF4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,00FC1129,00000000,?,00FF2E29,00000001,00000364,?,?,?,00FEF2DE,00FF3863,01091444,?,00FDFDF5,?), ref: 00FF4CBE
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 13f97a6f4bab1ec564d57c210c49b6b937b0d70ac28c964d12c1b50e72281db5
                          • Instruction ID: 413a7935c6e760023299781f4e7cee9c102d71276b487b0653bc2b949d0d602c
                          • Opcode Fuzzy Hash: 13f97a6f4bab1ec564d57c210c49b6b937b0d70ac28c964d12c1b50e72281db5
                          • Instruction Fuzzy Hash: 0EF0B432A0226866EB215E62AC05B7B3798BF417B0B149115BB15A72A5CA35F800B6A0
                          Function 00FF3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6,?,00FC1129), ref: 00FF3852
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: edc53aa01d4baa2c12df8418c80fc6c79390c15001a89a12c4da53b3f26c2e98
                          • Instruction ID: 778eefbfe2b9206dd867a760bdabaab3b49194eb98d4f809f9eeb4f60aabd316
                          • Opcode Fuzzy Hash: edc53aa01d4baa2c12df8418c80fc6c79390c15001a89a12c4da53b3f26c2e98
                          • Instruction Fuzzy Hash: A2E0E5339002ACA6E73126779D00BBB3648AF42BF0F050024BE44925A0DB2DED01F2E0
                          Function 00FC4F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(?,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4F6D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FreeLibrary
                          • String ID:
                          • API String ID: 3664257935-0
                          • Opcode ID: 11fae70dc0d0a50742fc97cc356fb81ad3187462ae1e160b84ebc6a62625e0d6
                          • Instruction ID: 00176490b57e932445bb75c8ed49d8df0a08591b9683e6ef1734864a95c1e95b
                          • Opcode Fuzzy Hash: 11fae70dc0d0a50742fc97cc356fb81ad3187462ae1e160b84ebc6a62625e0d6
                          • Instruction Fuzzy Hash: 23F03971905752CFDB349F64E5A1E22BBE4AF14329320897EE1EA83610CB32A844EF10
                          Function 01052A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                          Download Yara Rule
                          APIs
                          • IsWindow.USER32(00000000), ref: 01052A66
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window
                          • String ID:
                          • API String ID: 2353593579-0
                          • Opcode ID: 69f9ff4f891bfc420f327b25bd40f792b2bd8484188e48ecad99fedfaebb1adf
                          • Instruction ID: 536b7d43b0ca13bcc6e47646145ce2673fb92f77578d67b1943f65e872bd6fc6
                          • Opcode Fuzzy Hash: 69f9ff4f891bfc420f327b25bd40f792b2bd8484188e48ecad99fedfaebb1adf
                          • Instruction Fuzzy Hash: 1EE08636354227EBD794EA30DC808FFB75CEF682957004536EC96C6140DB34999586F0
                          Function 00FC30F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                          Download Yara Rule
                          APIs
                          • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FC314E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconNotifyShell_
                          • String ID:
                          • API String ID: 1144537725-0
                          • Opcode ID: 4f2b4b33e2223cea422d1651bf34aa93b345079996d3aa01447c2da6dcfa5263
                          • Instruction ID: 24b7bda7e2dea5f7069d8911135eb6a39a16af972f3c1df98b60e5472eb673da
                          • Opcode Fuzzy Hash: 4f2b4b33e2223cea422d1651bf34aa93b345079996d3aa01447c2da6dcfa5263
                          • Instruction Fuzzy Hash: E3F0A770A003059FE7629B24D846BD67BBCB70170CF0041E9A18896185DB794B88CF41
                          Function 00FC2DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                          Download Yara Rule
                          APIs
                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00FC2DC4
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LongNamePath_wcslen
                          • String ID:
                          • API String ID: 541455249-0
                          • Opcode ID: e9e577cd18883ff75f304b67e3b22f478aa794b1776b2a0a90111f3d425c3e50
                          • Instruction ID: e77391dc41d11f49d63a426efd4910a71c04cc4b14d2865739d6450dfa00e898
                          • Opcode Fuzzy Hash: e9e577cd18883ff75f304b67e3b22f478aa794b1776b2a0a90111f3d425c3e50
                          • Instruction Fuzzy Hash: FEE0C272A042245BDB21E2989C0AFEA77EDDFC87D0F0400B5FD4DE7248DA74ED808690
                          Function 00FC2B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FC3908
                            • Part of subcall function 00FCD730: GetInputState.USER32 ref: 00FCD807
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00FC2B6B
                            • Part of subcall function 00FC30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FC314E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                          • String ID:
                          • API String ID: 3667716007-0
                          • Opcode ID: 48613a3df053bf9bba27f05d2064ad819cc6e4d9f9a945493775aa149eadcdc6
                          • Instruction ID: a5dcf4c6c7b1ea07d31c528850b97206823e5c669292eaa5a1ba573e289e69d8
                          • Opcode Fuzzy Hash: 48613a3df053bf9bba27f05d2064ad819cc6e4d9f9a945493775aa149eadcdc6
                          • Instruction Fuzzy Hash: FDE0263270430B02CB04BA309E27F7DB3499BD93A1F40443EF18243193CE3D4A4A6351
                          Function 0100039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • CreateFileW.KERNELBASE(00000000,00000000,?,01000704,?,?,00000000,?,01000704,00000000,0000000C), ref: 010003B7
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          • Opcode ID: 0c4c9efe135944085e924724e40a1156f1f1a4541a95696372bc148d149fc386
                          • Instruction ID: 712fbde3b941b1b8479a326a237d5645a9e979151e5b82b9cfd291a42f3fdc47
                          • Opcode Fuzzy Hash: 0c4c9efe135944085e924724e40a1156f1f1a4541a95696372bc148d149fc386
                          • Instruction Fuzzy Hash: 75D06C3204020DBBDF128E84DD06EDA3BAAFB48714F014000BE5856020C736E821AB94
                          Function 00FC1CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                          Download Yara Rule
                          APIs
                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00FC1CBC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: InfoParametersSystem
                          • String ID:
                          • API String ID: 3098949447-0
                          • Opcode ID: da3c918590189bba73a63bf235de40237521b762a7f4cb8c36a1c5c34e7242d2
                          • Instruction ID: 182a44a9c9bf7b47dde6e8851b29dab68c254b36e30fe60a0da1e9e70a4e6a41
                          • Opcode Fuzzy Hash: da3c918590189bba73a63bf235de40237521b762a7f4cb8c36a1c5c34e7242d2
                          • Instruction Fuzzy Hash: 1CC0483A280305AAF3248A90A96AF117769B348B14F448001F68AA95CB82BB18A0EB50

                          Non-executed Functions

                          Function 01059576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0105961A
                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0105965B
                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0105969F
                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010596C9
                          • SendMessageW.USER32 ref: 010596F2
                          • GetKeyState.USER32(00000011), ref: 0105978B
                          • GetKeyState.USER32(00000009), ref: 01059798
                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 010597AE
                          • GetKeyState.USER32(00000010), ref: 010597B8
                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010597E9
                          • SendMessageW.USER32 ref: 01059810
                          • SendMessageW.USER32(?,00001030,?,01057E95), ref: 01059918
                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0105992E
                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 01059941
                          • SetCapture.USER32(?), ref: 0105994A
                          • ClientToScreen.USER32(?,?), ref: 010599AF
                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 010599BC
                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010599D6
                          • ReleaseCapture.USER32 ref: 010599E1
                          • GetCursorPos.USER32(?), ref: 01059A19
                          • ScreenToClient.USER32(?,?), ref: 01059A26
                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 01059A80
                          • SendMessageW.USER32 ref: 01059AAE
                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 01059AEB
                          • SendMessageW.USER32 ref: 01059B1A
                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 01059B3B
                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 01059B4A
                          • GetCursorPos.USER32(?), ref: 01059B68
                          • ScreenToClient.USER32(?,?), ref: 01059B75
                          • GetParent.USER32(?), ref: 01059B93
                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 01059BFA
                          • SendMessageW.USER32 ref: 01059C2B
                          • ClientToScreen.USER32(?,?), ref: 01059C84
                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 01059CB4
                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 01059CDE
                          • SendMessageW.USER32 ref: 01059D01
                          • ClientToScreen.USER32(?,?), ref: 01059D4E
                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 01059D82
                            • Part of subcall function 00FD9944: GetWindowLongW.USER32(?,000000EB), ref: 00FD9952
                          • GetWindowLongW.USER32(?,000000F0), ref: 01059E05
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                          • String ID: @GUI_DRAGID$F
                          • API String ID: 3429851547-4164748364
                          • Opcode ID: 1b6f1187f007c1af19ae229154abc8079c07607f21ce77922c3bda243cd91e44
                          • Instruction ID: 0e6ed18d79ba894c3c555f067ea4f27c4f4584d720163989e3adfb90d4744a2b
                          • Opcode Fuzzy Hash: 1b6f1187f007c1af19ae229154abc8079c07607f21ce77922c3bda243cd91e44
                          • Instruction Fuzzy Hash: BA429F34204301EFEBA5CF28C944AABBBE9FF48318F040559FAD9872A1D735A954DB61
                          Function 01054873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 010548F3
                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 01054908
                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 01054927
                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0105494B
                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0105495C
                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0105497B
                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 010549AE
                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 010549D4
                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 01054A0F
                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01054A56
                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01054A7E
                          • IsMenu.USER32(?), ref: 01054A97
                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01054AF2
                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01054B20
                          • GetWindowLongW.USER32(?,000000F0), ref: 01054B94
                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 01054BE3
                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 01054C82
                          • wsprintfW.USER32 ref: 01054CAE
                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01054CC9
                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 01054CF1
                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 01054D13
                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01054D33
                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 01054D5A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                          • String ID: %d/%02d/%02d
                          • API String ID: 4054740463-328681919
                          • Opcode ID: 7a477966c20d0f6dcb42a40e7877db9a245cab55338d68358adc36d669f78f52
                          • Instruction ID: 37b8ef6d22b9dd042046fffe9d6d99876d77ffcfd9685c75f8b505ef012d3eb0
                          • Opcode Fuzzy Hash: 7a477966c20d0f6dcb42a40e7877db9a245cab55338d68358adc36d669f78f52
                          • Instruction Fuzzy Hash: 2812DE71600314ABFBA58F28CD49FEF7BF8EB45310F044159F996DA291E7789A81CB50
                          Function 00FDF98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                          Download Yara Rule
                          APIs
                          • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00FDF998
                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0101F474
                          • IsIconic.USER32(00000000), ref: 0101F47D
                          • ShowWindow.USER32(00000000,00000009), ref: 0101F48A
                          • SetForegroundWindow.USER32(00000000), ref: 0101F494
                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0101F4AA
                          • GetCurrentThreadId.KERNEL32 ref: 0101F4B1
                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0101F4BD
                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0101F4CE
                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 0101F4D6
                          • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0101F4DE
                          • SetForegroundWindow.USER32(00000000), ref: 0101F4E1
                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0101F4F6
                          • keybd_event.USER32(00000012,00000000), ref: 0101F501
                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0101F50B
                          • keybd_event.USER32(00000012,00000000), ref: 0101F510
                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0101F519
                          • keybd_event.USER32(00000012,00000000), ref: 0101F51E
                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 0101F528
                          • keybd_event.USER32(00000012,00000000), ref: 0101F52D
                          • SetForegroundWindow.USER32(00000000), ref: 0101F530
                          • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0101F557
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                          • String ID: Shell_TrayWnd
                          • API String ID: 4125248594-2988720461
                          • Opcode ID: 1141bba8cb92bae80b86c0e35addc1a8c8d86e3936aa6970630ec2c286c80706
                          • Instruction ID: 331bfcaf32d09502f11d482f44fb8eaf535dcfd49d6f11bde361474c9585523c
                          • Opcode Fuzzy Hash: 1141bba8cb92bae80b86c0e35addc1a8c8d86e3936aa6970630ec2c286c80706
                          • Instruction Fuzzy Hash: 9D318171A40318BBFB316BB54D4AFBF7EACEB44B50F100055FA41E61C5D6B55A40ABA0
                          Function 01021201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 010216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0102170D
                            • Part of subcall function 010216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0102173A
                            • Part of subcall function 010216C3: GetLastError.KERNEL32 ref: 0102174A
                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 01021286
                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 010212A8
                          • CloseHandle.KERNEL32(?), ref: 010212B9
                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 010212D1
                          • GetProcessWindowStation.USER32 ref: 010212EA
                          • SetProcessWindowStation.USER32(00000000), ref: 010212F4
                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 01021310
                            • Part of subcall function 010210BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010211FC), ref: 010210D4
                            • Part of subcall function 010210BF: CloseHandle.KERNEL32(?,?,010211FC), ref: 010210E9
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                          • String ID: $default$winsta0
                          • API String ID: 22674027-1027155976
                          • Opcode ID: df91eea44dc2f195f6ebe7c440b52cfd4a98d45f25ae97e7d979274c89a4e889
                          • Instruction ID: d44aa1537f2cbd66b1101665efa5a339290571c67f52deb3135ffb2ff47dcfb4
                          • Opcode Fuzzy Hash: df91eea44dc2f195f6ebe7c440b52cfd4a98d45f25ae97e7d979274c89a4e889
                          • Instruction Fuzzy Hash: E3819A71900319ABEF219FA8DD48BEF7FBDEF08704F044169FA95A6190CB359A44CB60
                          Function 01020B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 010210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01021114
                            • Part of subcall function 010210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021120
                            • Part of subcall function 010210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 0102112F
                            • Part of subcall function 010210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021136
                            • Part of subcall function 010210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0102114D
                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01020BCC
                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01020C00
                          • GetLengthSid.ADVAPI32(?), ref: 01020C17
                          • GetAce.ADVAPI32(?,00000000,?), ref: 01020C51
                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01020C6D
                          • GetLengthSid.ADVAPI32(?), ref: 01020C84
                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01020C8C
                          • HeapAlloc.KERNEL32(00000000), ref: 01020C93
                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01020CB4
                          • CopySid.ADVAPI32(00000000), ref: 01020CBB
                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01020CEA
                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01020D0C
                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01020D1E
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020D45
                          • HeapFree.KERNEL32(00000000), ref: 01020D4C
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020D55
                          • HeapFree.KERNEL32(00000000), ref: 01020D5C
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020D65
                          • HeapFree.KERNEL32(00000000), ref: 01020D6C
                          • GetProcessHeap.KERNEL32(00000000,?), ref: 01020D78
                          • HeapFree.KERNEL32(00000000), ref: 01020D7F
                            • Part of subcall function 01021193: GetProcessHeap.KERNEL32(00000008,01020BB1,?,00000000,?,01020BB1,?), ref: 010211A1
                            • Part of subcall function 01021193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01020BB1,?), ref: 010211A8
                            • Part of subcall function 01021193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01020BB1,?), ref: 010211B7
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                          • String ID:
                          • API String ID: 4175595110-0
                          • Opcode ID: 115b31bdc6c5d6423ed3d935229af557cbc630c20ae342d968b8f771cc619441
                          • Instruction ID: bae5a590c52165fdd402abc3b1185bd15575afeb457536dfeb63d71656e56e3e
                          • Opcode Fuzzy Hash: 115b31bdc6c5d6423ed3d935229af557cbc630c20ae342d968b8f771cc619441
                          • Instruction Fuzzy Hash: 05717B7190131AABEF209FA8DD44BAFBBBCFF05210F144195FA94A7184D775A905CF60
                          Function 0103EAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON
                          Download Yara Rule
                          APIs
                          • OpenClipboard.USER32(0105CC08), ref: 0103EB29
                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 0103EB37
                          • GetClipboardData.USER32(0000000D), ref: 0103EB43
                          • CloseClipboard.USER32 ref: 0103EB4F
                          • GlobalLock.KERNEL32(00000000), ref: 0103EB87
                          • CloseClipboard.USER32 ref: 0103EB91
                          • GlobalUnlock.KERNEL32(00000000), ref: 0103EBBC
                          • IsClipboardFormatAvailable.USER32(00000001), ref: 0103EBC9
                          • GetClipboardData.USER32(00000001), ref: 0103EBD1
                          • GlobalLock.KERNEL32(00000000), ref: 0103EBE2
                          • GlobalUnlock.KERNEL32(00000000), ref: 0103EC22
                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 0103EC38
                          • GetClipboardData.USER32(0000000F), ref: 0103EC44
                          • GlobalLock.KERNEL32(00000000), ref: 0103EC55
                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0103EC77
                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0103EC94
                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0103ECD2
                          • GlobalUnlock.KERNEL32(00000000), ref: 0103ECF3
                          • CountClipboardFormats.USER32 ref: 0103ED14
                          • CloseClipboard.USER32 ref: 0103ED59
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                          • String ID:
                          • API String ID: 420908878-0
                          • Opcode ID: 834156342f4acd7dd67356c31521db4a803da1d9d8503313f3d9bb63725fc981
                          • Instruction ID: 311361c12d20126466a44b7d0274b727257dda77279495eba95859b1b75ad4bd
                          • Opcode Fuzzy Hash: 834156342f4acd7dd67356c31521db4a803da1d9d8503313f3d9bb63725fc981
                          • Instruction Fuzzy Hash: 0261BD342043029FE311EF28D989F6B7BECAF84744F04465DF5969B292CB36E905CB62
                          Function 0103698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileW.KERNEL32(?,?), ref: 010369BE
                          • FindClose.KERNEL32(00000000), ref: 01036A12
                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01036A4E
                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01036A75
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 01036AB2
                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 01036ADF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                          • API String ID: 3830820486-3289030164
                          • Opcode ID: 6a13e1ced346dd039c685076c5f91c41c45f83a9b3156558fe1bfd920f7b6c75
                          • Instruction ID: 2fd27a702a3d179e8bc88e7372e107b7164bdd92182137c90325da54ab8f6c0d
                          • Opcode Fuzzy Hash: 6a13e1ced346dd039c685076c5f91c41c45f83a9b3156558fe1bfd920f7b6c75
                          • Instruction Fuzzy Hash: 72D16171508301AFC310EBA4CD86EABB7ECAF88704F44491DF589C7191EB79DA48DB62
                          Function 01039642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 01039663
                          • GetFileAttributesW.KERNEL32(?), ref: 010396A1
                          • SetFileAttributesW.KERNEL32(?,?), ref: 010396BB
                          • FindNextFileW.KERNEL32(00000000,?), ref: 010396D3
                          • FindClose.KERNEL32(00000000), ref: 010396DE
                          • FindFirstFileW.KERNEL32(*.*,?), ref: 010396FA
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 0103974A
                          • SetCurrentDirectoryW.KERNEL32(01086B7C), ref: 01039768
                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 01039772
                          • FindClose.KERNEL32(00000000), ref: 0103977F
                          • FindClose.KERNEL32(00000000), ref: 0103978F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                          • String ID: *.*
                          • API String ID: 1409584000-438819550
                          • Opcode ID: dfeeb207d586b90aa82567352cd6d785d7268ac64b3e65ebc15c0cb75d3f6b4d
                          • Instruction ID: 0219ee0fd28c65513eeaa46f049b7a9beb8709553e783ea67e633c67c357fd45
                          • Opcode Fuzzy Hash: dfeeb207d586b90aa82567352cd6d785d7268ac64b3e65ebc15c0cb75d3f6b4d
                          • Instruction Fuzzy Hash: 6431F63254131A6BEF25AEB9DD49ADF37ECAF89364F004099F985E2090DB75DA40CB10
                          Function 0103979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 010397BE
                          • FindNextFileW.KERNEL32(00000000,?), ref: 01039819
                          • FindClose.KERNEL32(00000000), ref: 01039824
                          • FindFirstFileW.KERNEL32(*.*,?), ref: 01039840
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01039890
                          • SetCurrentDirectoryW.KERNEL32(01086B7C), ref: 010398AE
                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 010398B8
                          • FindClose.KERNEL32(00000000), ref: 010398C5
                          • FindClose.KERNEL32(00000000), ref: 010398D5
                            • Part of subcall function 0102DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0102DB00
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                          • String ID: *.*
                          • API String ID: 2640511053-438819550
                          • Opcode ID: c540f1cacf66347769245ac47cfe424e262f2274e6714fda17d7cee1c6c9db9d
                          • Instruction ID: 6920a7e7dd58097cdacc3a4412870bcfabd814143e3ae5bb89e6f7322b1ac887
                          • Opcode Fuzzy Hash: c540f1cacf66347769245ac47cfe424e262f2274e6714fda17d7cee1c6c9db9d
                          • Instruction Fuzzy Hash: CF31D83150031AAAEF20EFB9DC48ADF77AC9FC5328F104195E9D4A2090DB75DA85CF20
                          Function 0104BE44 Relevance: 17.0, APIs: 11, Instructions: 456registryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0104C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0104B6AE,?,?), ref: 0104C9B5
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104C9F1
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA68
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA9E
                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0104BF3E
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0104BFA9
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104BFCD
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0104C02C
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0104C0E7
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0104C154
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0104C1E9
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0104C23A
                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0104C2E3
                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0104C382
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104C38F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                          • String ID:
                          • API String ID: 3102970594-0
                          • Opcode ID: 151545d1b58124c45aa237ab886a233b39eadb8781a71366d06788922c026329
                          • Instruction ID: 462e98666f7c842b9bbcf6eee79e3e32730b3c4fcd7a5c02117279ab54e336b1
                          • Opcode Fuzzy Hash: 151545d1b58124c45aa237ab886a233b39eadb8781a71366d06788922c026329
                          • Instruction Fuzzy Hash: F7025EB06042019FE754DF28C9D5E2ABBE5AF89304F08C4ADF48ACB2A2D735ED45CB51
                          Function 01038195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
                          Download Yara Rule
                          APIs
                          • GetLocalTime.KERNEL32(?), ref: 01038257
                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 01038267
                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01038273
                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01038310
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01038324
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01038356
                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0103838C
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01038395
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CurrentDirectoryTime$File$Local$System
                          • String ID: *.*
                          • API String ID: 1464919966-438819550
                          • Opcode ID: 5389c8b56dff6d4a075111b060ca9c5f098966cb6719c868349e033bf4162161
                          • Instruction ID: 321a77dde669468b071760b66c341c880a23f9653e6890e325a5764938d08e91
                          • Opcode Fuzzy Hash: 5389c8b56dff6d4a075111b060ca9c5f098966cb6719c868349e033bf4162161
                          • Instruction Fuzzy Hash: 106179725083059FD710EF64C841AAEB3ECFF89310F04896EF98987251DB35E945CB92
                          Function 0102D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FC3A97,?,?,00FC2E7F,?,?,?,00000000), ref: 00FC3AC2
                            • Part of subcall function 0102E199: GetFileAttributesW.KERNEL32(?,0102CF95), ref: 0102E19A
                          • FindFirstFileW.KERNEL32(?,?), ref: 0102D122
                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0102D1DD
                          • MoveFileW.KERNEL32(?,?), ref: 0102D1F0
                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0102D20D
                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0102D237
                            • Part of subcall function 0102D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0102D21C,?,?), ref: 0102D2B2
                          • FindClose.KERNEL32(00000000,?,?,?), ref: 0102D253
                          • FindClose.KERNEL32(00000000), ref: 0102D264
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                          • String ID: \*.*
                          • API String ID: 1946585618-1173974218
                          • Opcode ID: f0f278f16bb3a587c47d388544575d5cf8b9602268aa2628accd3a82e7d63ed2
                          • Instruction ID: fef3b001b582a705cb6d1456ab7a70412837557168ad6788be1d120fc23bc476
                          • Opcode Fuzzy Hash: f0f278f16bb3a587c47d388544575d5cf8b9602268aa2628accd3a82e7d63ed2
                          • Instruction Fuzzy Hash: A661913180521EABDF05EBE0DE52EEDB7B9AF11300F6041A9E44173191EB35AF09DB60
                          Function 0103ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                          • String ID:
                          • API String ID: 1737998785-0
                          • Opcode ID: 8a0998b570a7fd927d8537d6b7b87c1469e2c6f07ab9cb6dc8fa0488d421eca0
                          • Instruction ID: b7054f31319a807178eea07454530da50aaaaa5ca5a4f7e8669481ee1f01f458
                          • Opcode Fuzzy Hash: 8a0998b570a7fd927d8537d6b7b87c1469e2c6f07ab9cb6dc8fa0488d421eca0
                          • Instruction Fuzzy Hash: A8418F352046119FE721DF19D549F1ABBE9EF84318F04C19DE49A8B662C73AFD42CBA0
                          Function 0102E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 010216C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0102170D
                            • Part of subcall function 010216C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0102173A
                            • Part of subcall function 010216C3: GetLastError.KERNEL32 ref: 0102174A
                          • ExitWindowsEx.USER32(?,00000000), ref: 0102E932
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                          • String ID: $ $@$SeShutdownPrivilege
                          • API String ID: 2234035333-3163812486
                          • Opcode ID: 27d6e603dee98ca98cf012b2f90f744a3e7fa7cc401bcfb9a1cf6aa984207f65
                          • Instruction ID: dd4ca136a057015e0c6dc27d20dbbf1418011539c48f3149a165f614c5a8e031
                          • Opcode Fuzzy Hash: 27d6e603dee98ca98cf012b2f90f744a3e7fa7cc401bcfb9a1cf6aa984207f65
                          • Instruction Fuzzy Hash: C4012132790331ABFBA422B8DC89BFF72ACAB14740F050823FDC2E20C1D6A55C4082A0
                          Function 01041204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON
                          Download Yara Rule
                          APIs
                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 01041276
                          • WSAGetLastError.WSOCK32 ref: 01041283
                          • bind.WSOCK32(00000000,?,00000010), ref: 010412BA
                          • WSAGetLastError.WSOCK32 ref: 010412C5
                          • closesocket.WSOCK32(00000000), ref: 010412F4
                          • listen.WSOCK32(00000000,00000005), ref: 01041303
                          • WSAGetLastError.WSOCK32 ref: 0104130D
                          • closesocket.WSOCK32(00000000), ref: 0104133C
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$closesocket$bindlistensocket
                          • String ID:
                          • API String ID: 540024437-0
                          • Opcode ID: 9713ddb8fbe2240af1c035b5cba46ea2470d216883cbdf332db00b692d87fa22
                          • Instruction ID: 214b9fa5175c54c2ed7969ca6cb46c521e5ffd492d636fc9460c6b35cbdfb259
                          • Opcode Fuzzy Hash: 9713ddb8fbe2240af1c035b5cba46ea2470d216883cbdf332db00b692d87fa22
                          • Instruction Fuzzy Hash: 864172B56002019FE710DF68C6C5B2ABBE5AF46314F188198D9968F296C775FC81CBA1
                          Function 0102D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FC3A97,?,?,00FC2E7F,?,?,?,00000000), ref: 00FC3AC2
                            • Part of subcall function 0102E199: GetFileAttributesW.KERNEL32(?,0102CF95), ref: 0102E19A
                          • FindFirstFileW.KERNEL32(?,?), ref: 0102D420
                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0102D470
                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 0102D481
                          • FindClose.KERNEL32(00000000), ref: 0102D498
                          • FindClose.KERNEL32(00000000), ref: 0102D4A1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                          • String ID: \*.*
                          • API String ID: 2649000838-1173974218
                          • Opcode ID: e78550b59e6a0f39c14d5019458134e38721f6d9c6d63b9a51df278ffb0a2560
                          • Instruction ID: c2866105bc6449e56be7b6b7b1a2f873b2face943d47aafb5110255f575d934d
                          • Opcode Fuzzy Hash: e78550b59e6a0f39c14d5019458134e38721f6d9c6d63b9a51df278ffb0a2560
                          • Instruction Fuzzy Hash: 6731C03100C3469BC311EF64C996DEFB7E8AE91304F404A1DF4D593191EB29AA09DB63
                          Function 00FFE4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: __floor_pentium4
                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                          • API String ID: 4168288129-2761157908
                          • Opcode ID: 7544f2b9a5ada8875c6b271a97d34d7df2575fcbb5f563d9091a1e7bb8ed7ece
                          • Instruction ID: 436ec4c46dac7e14133e51ad7e5558eb3318101bf8ba322f8346f225f50dd761
                          • Opcode Fuzzy Hash: 7544f2b9a5ada8875c6b271a97d34d7df2575fcbb5f563d9091a1e7bb8ed7ece
                          • Instruction Fuzzy Hash: 6CC22872E086288FDB25CE28DD407EAB7B5EF44314F1441EAD94DE7260E778AE859F40
                          Function 0103648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON
                          Download Yara Rule
                          APIs
                          • _wcslen.LIBCMT ref: 010364DC
                          • CoInitialize.OLE32(00000000), ref: 01036639
                          • CoCreateInstance.OLE32(0105FCF8,00000000,00000001,0105FB68,?), ref: 01036650
                          • CoUninitialize.OLE32 ref: 010368D4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                          • String ID: .lnk
                          • API String ID: 886957087-24824748
                          • Opcode ID: d8e87512891a581520b0b8b2df6c54a72103e066127689412bcc3506a5e60831
                          • Instruction ID: 5ef3b08946887d5a92ce49badcad1ac13a9dac6c238b5d09f932e5d39e84c37b
                          • Opcode Fuzzy Hash: d8e87512891a581520b0b8b2df6c54a72103e066127689412bcc3506a5e60831
                          • Instruction Fuzzy Hash: 7DD14C71508302AFD314EF24C981E6BB7E8FF99704F00496DF5958B291DB75EA09CBA2
                          Function 01039B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 01039B78
                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 01039C8B
                            • Part of subcall function 01033874: GetInputState.USER32 ref: 010338CB
                            • Part of subcall function 01033874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01033966
                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 01039BA8
                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 01039C75
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                          • String ID: *.*
                          • API String ID: 1972594611-438819550
                          • Opcode ID: db78dba4c6909937a050f6d6e26e8d71b37948e7bf3fd70bb4db5c25fee65f7b
                          • Instruction ID: 27beb2c24b8ae98e76ab5ca9fcd4206f84f7c98e1078be44732caba84c0bf5a7
                          • Opcode Fuzzy Hash: db78dba4c6909937a050f6d6e26e8d71b37948e7bf3fd70bb4db5c25fee65f7b
                          • Instruction Fuzzy Hash: FF41E03190420E9FDF54DFA8CD89AEEBBF8EF45304F144099E985A3191EB709A84CF60
                          Function 00FD997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00FD9A4E
                          • GetSysColor.USER32(0000000F), ref: 00FD9B23
                          • SetBkColor.GDI32(?,00000000), ref: 00FD9B36
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Color$LongProcWindow
                          • String ID:
                          • API String ID: 3131106179-0
                          • Opcode ID: 31833da6609e2143a8d4a1bd41f99577f51fc1d24d5849ed14128e70c44a1b6e
                          • Instruction ID: ca2c2eb4da478824f0156397c4a03ea55110e2f69cecbcd5f65059825e2e363d
                          • Opcode Fuzzy Hash: 31833da6609e2143a8d4a1bd41f99577f51fc1d24d5849ed14128e70c44a1b6e
                          • Instruction Fuzzy Hash: C4A13D7220C105AEE7759ABC8C58E7F399EEB46354F19020BF582C7789CAAD9D01E371
                          Function 01041806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0104304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0104307A
                            • Part of subcall function 0104304E: _wcslen.LIBCMT ref: 0104309B
                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0104185D
                          • WSAGetLastError.WSOCK32 ref: 01041884
                          • bind.WSOCK32(00000000,?,00000010), ref: 010418DB
                          • WSAGetLastError.WSOCK32 ref: 010418E6
                          • closesocket.WSOCK32(00000000), ref: 01041915
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                          • String ID:
                          • API String ID: 1601658205-0
                          • Opcode ID: c8f81921fab4b990c985712fd457b06e17f7df474f80e2a111f39c3aba85dcf3
                          • Instruction ID: 17225be6d62dad2d450c22958cf1c0ee48f0ec4fc39055b068d1699a22d68ff0
                          • Opcode Fuzzy Hash: c8f81921fab4b990c985712fd457b06e17f7df474f80e2a111f39c3aba85dcf3
                          • Instruction Fuzzy Hash: 3251B275A00210AFEB10EF24C986F6A77E5AB45718F08849CF9469F3C3C775AD41DBA1
                          Function 0103CF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON
                          Download Yara Rule
                          APIs
                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0103C21E,00000000), ref: 0103CF38
                          • InternetReadFile.WININET(?,00000000,?,?), ref: 0103CF6F
                          • GetLastError.KERNEL32(?,00000000,?,?,?,0103C21E,00000000), ref: 0103CFB4
                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0103C21E,00000000), ref: 0103CFC8
                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,0103C21E,00000000), ref: 0103CFF2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                          • String ID:
                          • API String ID: 3191363074-0
                          • Opcode ID: 8f843e023cbb73af7727a76c408828ca237d6f26ff1bb547dd43498698f4ba97
                          • Instruction ID: 232d0c838ba6dfaaa9f8975f67dcb0ffa9229ddb79e25cb618eba0c2003f8ed5
                          • Opcode Fuzzy Hash: 8f843e023cbb73af7727a76c408828ca237d6f26ff1bb547dd43498698f4ba97
                          • Instruction Fuzzy Hash: 96314B71500705AFFB20DFA9CA84AAFBBFCEB44354B10446FE58AE2141DB34AA41DB60
                          Function 01051C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                          • String ID:
                          • API String ID: 292994002-0
                          • Opcode ID: 0e94ab502c1c3526af4986269dde49524bce1500829232cc2bffe3fb807674c6
                          • Instruction ID: 7cc8d4d636a54c43c6932ff5d5a17d80669bc19c36a29276eb0fac5325233e18
                          • Opcode Fuzzy Hash: 0e94ab502c1c3526af4986269dde49524bce1500829232cc2bffe3fb807674c6
                          • Instruction Fuzzy Hash: 8B2182317002055FE7A19F1AC884F6B7FE9AF95315B19809CEC898B341C776E942CBA0
                          Function 00FC8060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                          • API String ID: 0-1546025612
                          • Opcode ID: 84c7209b2ebfdeac303fca8203ba0e57eb9673fd61040f101cbe57270fa62f45
                          • Instruction ID: 5761531ccae8478c7f5ebb8083e5db22ee5ff18f6e2a887ac82dcc23f2e64c94
                          • Opcode Fuzzy Hash: 84c7209b2ebfdeac303fca8203ba0e57eb9673fd61040f101cbe57270fa62f45
                          • Instruction Fuzzy Hash: 97A2C471E0021ACBEF25CF58C941BEEB7B2BF44350F1481AAD855A7281EB719D92DF90
                          Function 0102AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON
                          Download Yara Rule
                          APIs
                          • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0102ABF1
                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0102AC0D
                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 0102AC74
                          • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0102ACC6
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: KeyboardState$InputMessagePostSend
                          • String ID:
                          • API String ID: 432972143-0
                          • Opcode ID: 3d1a08232336546ef4a538f0fb08597639f25dcf05e80dbd15a5a8dd302de4e6
                          • Instruction ID: cb07da7f6b819a9f7c72f729c60b9bd1ed655864ee2d37064a988cadca6858eb
                          • Opcode Fuzzy Hash: 3d1a08232336546ef4a538f0fb08597639f25dcf05e80dbd15a5a8dd302de4e6
                          • Instruction Fuzzy Hash: 40310530B0032CEFFF358A68C8047FEBAA9AB89310F24425AE4C5535D1CB7585858751
                          Function 00FFBB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON
                          Download Yara Rule
                          APIs
                          • _free.LIBCMT ref: 00FFBB7F
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • GetTimeZoneInformation.KERNEL32 ref: 00FFBB91
                          • WideCharToMultiByte.KERNEL32(00000000,?,0109121C,000000FF,?,0000003F,?,?), ref: 00FFBC09
                          • WideCharToMultiByte.KERNEL32(00000000,?,01091270,000000FF,?,0000003F,?,?,?,0109121C,000000FF,?,0000003F,?,?), ref: 00FFBC36
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                          • String ID:
                          • API String ID: 806657224-0
                          • Opcode ID: 86aad54daaade346c03adfd23b413c7ab258f7e1b8700ef192847acb84de2a04
                          • Instruction ID: 9ccffa1b0b46d47402ab442287c80a8e310e62f95d32f7950f2f547fb3b29676
                          • Opcode Fuzzy Hash: 86aad54daaade346c03adfd23b413c7ab258f7e1b8700ef192847acb84de2a04
                          • Instruction Fuzzy Hash: BE31A5B1A0820ADFCB21EF69DC9053ABBB8FF45760714429AE290D72B5D7359D10EB50
                          Function 01028298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 010282AA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: lstrlen
                          • String ID: ($|
                          • API String ID: 1659193697-1631851259
                          • Opcode ID: a543a96132707b500e97542cb5c58de0b151059e3cff2127b6adc0e82ffe863c
                          • Instruction ID: 7bded17634b1b3e194726f4a18006a55a841cd08893e90d937febf2f6b4961eb
                          • Opcode Fuzzy Hash: a543a96132707b500e97542cb5c58de0b151059e3cff2127b6adc0e82ffe863c
                          • Instruction Fuzzy Hash: CF323578A007159FDB28CF59C480AAAB7F0FF48310B15C5AEE59ADB7A1E770E941CB40
                          Function 01035C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileW.KERNEL32(?,?), ref: 01035CC1
                          • FindNextFileW.KERNEL32(00000000,?), ref: 01035D17
                          • FindClose.KERNEL32(?), ref: 01035D5F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Find$File$CloseFirstNext
                          • String ID:
                          • API String ID: 3541575487-0
                          • Opcode ID: b9c5c9ae7841db6dab45e7126a798d3231b9e4cfcca22da0f341ef970580e678
                          • Instruction ID: d2ccff3a0134e8d10cec7ab99f683d793317a751db086cdbafc408dc0ee20571
                          • Opcode Fuzzy Hash: b9c5c9ae7841db6dab45e7126a798d3231b9e4cfcca22da0f341ef970580e678
                          • Instruction Fuzzy Hash: 6A51BE346047029FD714DF28C899E9AB7E8FF49314F14859DE99A8B3A2CB34E905CF91
                          Function 00FF2622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • IsDebuggerPresent.KERNEL32 ref: 00FF271A
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FF2724
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00FF2731
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          • API String ID: 3906539128-0
                          • Opcode ID: 64141f8094e2e96d5eae7727e213b1800916a055aeeb64179b304c3161b6f9ec
                          • Instruction ID: 711a0c158d5d68478922658299b2fd875a0d71d1bf23aa871b24b4de21e888da
                          • Opcode Fuzzy Hash: 64141f8094e2e96d5eae7727e213b1800916a055aeeb64179b304c3161b6f9ec
                          • Instruction Fuzzy Hash: 6A31E27190131CABCB61DF68DD8879DBBB8AF08310F1041EAE80CA6261EB749F819F44
                          Function 010351CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
                          Download Yara Rule
                          APIs
                          • SetErrorMode.KERNEL32(00000001), ref: 010351DA
                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 01035238
                          • SetErrorMode.KERNEL32(00000000), ref: 010352A1
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorMode$DiskFreeSpace
                          • String ID:
                          • API String ID: 1682464887-0
                          • Opcode ID: d966ab0932db85a92f87f878442c488e5083dd0a6f8086dea278637cc104e17f
                          • Instruction ID: bdd29b70da8a305b5e3ee7376021596829b1d2fdd36f7dafdcce310bb448e0ab
                          • Opcode Fuzzy Hash: d966ab0932db85a92f87f878442c488e5083dd0a6f8086dea278637cc104e17f
                          • Instruction Fuzzy Hash: 64314D75A002199FDB00DF54D884EADBBB8FF49314F048099E9459B356DB36E855CB90
                          Function 010216C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FDFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FE0668
                            • Part of subcall function 00FDFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FE0685
                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0102170D
                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0102173A
                          • GetLastError.KERNEL32 ref: 0102174A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                          • String ID:
                          • API String ID: 577356006-0
                          • Opcode ID: 6a15366c8c3a4bcd3ba71430438a6879e263d969e1bc4c790b3f9d94e10ead73
                          • Instruction ID: e9ad6e265dfadb5307c68b9c1dc99bc87775a3b01112dcf498a611ea5371d677
                          • Opcode Fuzzy Hash: 6a15366c8c3a4bcd3ba71430438a6879e263d969e1bc4c790b3f9d94e10ead73
                          • Instruction Fuzzy Hash: 5411BFB2400304AFE7289F54DC86D6BBBBEFB44724B24852EF49653241EB74B8418B20
                          Function 0102D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0102D608
                          • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0102D645
                          • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0102D650
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseControlCreateDeviceFileHandle
                          • String ID:
                          • API String ID: 33631002-0
                          • Opcode ID: 081fe24d883ee94caa97a9a8dd495e6e45877f7335b3a6ef79f7353a1184f91b
                          • Instruction ID: 45a2c2ff636f757b1feec2c4afd981bc064784261e1f4e3c7a608e08d16ff3ac
                          • Opcode Fuzzy Hash: 081fe24d883ee94caa97a9a8dd495e6e45877f7335b3a6ef79f7353a1184f91b
                          • Instruction Fuzzy Hash: 34117071E01328BBEB208F989848FAFBFBCEB49B50F104151F954E7280C2744A018BA1
                          Function 01021663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0102168C
                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 010216A1
                          • FreeSid.ADVAPI32(?), ref: 010216B1
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AllocateCheckFreeInitializeMembershipToken
                          • String ID:
                          • API String ID: 3429775523-0
                          • Opcode ID: 7a95b4de2922ae3fbe4de3b933d3fde1060eafc29aefa36f6be14e033e88adb7
                          • Instruction ID: d23374d075362a99a9d72787023174c54b349fceea399817a199102c835db8bd
                          • Opcode Fuzzy Hash: 7a95b4de2922ae3fbe4de3b933d3fde1060eafc29aefa36f6be14e033e88adb7
                          • Instruction Fuzzy Hash: 0EF0177195030DBBEF10DFE4D989EAEBBBCFB08604F5045A5F501E2181E775AA448B50
                          Function 0101D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                          Download Yara Rule
                          APIs
                          • GetUserNameW.ADVAPI32(?,?), ref: 0101D28C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: NameUser
                          • String ID: X64
                          • API String ID: 2645101109-893830106
                          • Opcode ID: 6835fa94032d5875fc1a5e222b0a598a6a5adaa62c7fcc93458457f52c3a6ed5
                          • Instruction ID: 608f7ef7b891dd94e23563f7082def4bc37fc6f39ff025bddbf41fbc7bf191b6
                          • Opcode Fuzzy Hash: 6835fa94032d5875fc1a5e222b0a598a6a5adaa62c7fcc93458457f52c3a6ed5
                          • Instruction Fuzzy Hash: C9D0C9B580121DEACF90DA90D88CDDEB3BCFB14305F000152F146A2104D77895488F10
                          Function 00FECAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                          • Instruction ID: d08603ae0ca4951b2df1bbf2634cc82bc7e6675d4a60f8f8fdf9b8053ccda9a0
                          • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                          • Instruction Fuzzy Hash: BE021E72E012599FDF14CFA9C8806ADFBF1EF48324F25416AE919E7380D731A9429BD4
                          Function 010368EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileW.KERNEL32(?,?), ref: 01036918
                          • FindClose.KERNEL32(00000000), ref: 01036961
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID:
                          • API String ID: 2295610775-0
                          • Opcode ID: 584c9afaf52ae5682574c406cb1aa36ffa2db2c15a0c067c6cab76bba909d8eb
                          • Instruction ID: 6febd01ab2f9c91856129150349f55e2957873abcef19cebde7ce7387e746442
                          • Opcode Fuzzy Hash: 584c9afaf52ae5682574c406cb1aa36ffa2db2c15a0c067c6cab76bba909d8eb
                          • Instruction Fuzzy Hash: 6C1193316042019FD710DF29D489E16BBE9FF85328F04C69DE5A98F6A2C735ED05CB91
                          Function 010337B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,01044891,?,?,00000035,?), ref: 010337E4
                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,01044891,?,?,00000035,?), ref: 010337F4
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorFormatLastMessage
                          • String ID:
                          • API String ID: 3479602957-0
                          • Opcode ID: 6c064ccbfb8d9a37f27068511ad4f33e79b21f8aebc69ee65201b966457c18d0
                          • Instruction ID: 833fed41ab56315a35741aa6db471b025caaa71ad9b18fb53b1ed05454983094
                          • Opcode Fuzzy Hash: 6c064ccbfb8d9a37f27068511ad4f33e79b21f8aebc69ee65201b966457c18d0
                          • Instruction Fuzzy Hash: EEF0E5706043292AE73156668D8DFEB3AAEFFC4761F0001A5F509D2285D9609904C7B0
                          Function 0102B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0102B25D
                          • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0102B270
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: InputSendkeybd_event
                          • String ID:
                          • API String ID: 3536248340-0
                          • Opcode ID: 204c725394d5a1df06ac66f6eb7f22480960a5604231a8146a32de4cf10bb1df
                          • Instruction ID: f538fa4fc05bfe5e634ab75b185344a0da3a9944b0e6fbae2387bb50bfd25764
                          • Opcode Fuzzy Hash: 204c725394d5a1df06ac66f6eb7f22480960a5604231a8146a32de4cf10bb1df
                          • Instruction Fuzzy Hash: 83F01D7180434DABEB159FA4C805BAE7FB4FF05309F008049F995A5192C7798255DF94
                          Function 010210BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                          Download Yara Rule
                          APIs
                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010211FC), ref: 010210D4
                          • CloseHandle.KERNEL32(?,?,010211FC), ref: 010210E9
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AdjustCloseHandlePrivilegesToken
                          • String ID:
                          • API String ID: 81990902-0
                          • Opcode ID: 36257dc92b5e55d1bcd90ba7724ffb4a3516328e634c4392feb5321bf978f87b
                          • Instruction ID: b30e900a6308abe64fd4218db5345f6a3a91ab5cdfeecb520f5c6ad49050b198
                          • Opcode Fuzzy Hash: 36257dc92b5e55d1bcd90ba7724ffb4a3516328e634c4392feb5321bf978f87b
                          • Instruction Fuzzy Hash: 11E04F32004710AEF7252B51FC05E777BEEEB04310B14882EF5A6804B5DB666C90EB50
                          Function 00FCCAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
                          Download Yara Rule
                          Strings
                          • Variable is not of type 'Object'., xrefs: 01010C40
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: Variable is not of type 'Object'.
                          • API String ID: 0-1840281001
                          • Opcode ID: c4222590265dbf0792531df9e1bfe758ee22a8a329b6fea7da5b03ccbe62df6d
                          • Instruction ID: 2b53f1eadf3511478ee7b15b90b8eb8923e17de52b7e26059d47b76c47451010
                          • Opcode Fuzzy Hash: c4222590265dbf0792531df9e1bfe758ee22a8a329b6fea7da5b03ccbe62df6d
                          • Instruction Fuzzy Hash: B532B37190021ADFDF14DF94CA82FEDB7B5BF05304F14405DE88AAB286C779A945EBA0
                          Function 00FF676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FF6766,?,?,00000008,?,?,00FFFEFE,00000000), ref: 00FF6998
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          • API String ID: 3997070919-0
                          • Opcode ID: 7ba4a0d5e85085df9fe3aa6371106e1bc1ccc783735cd3002781d6c5fa2be061
                          • Instruction ID: 354313f1f0b777b3f85ca43f3417393b60c1e1503177cbae3b6d1a13fdb4a6cb
                          • Opcode Fuzzy Hash: 7ba4a0d5e85085df9fe3aa6371106e1bc1ccc783735cd3002781d6c5fa2be061
                          • Instruction Fuzzy Hash: C7B15B32A106089FD715CF28C48AB657BE0FF05364F25865CE999CF2B2CB35E981DB40
                          Function 00FDB119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-3916222277
                          • Opcode ID: e43d8da97d70a584d342ceb44586fd7867e9ce1f3820b29c6046ec341de75371
                          • Instruction ID: 977a22e6205ed0a2b4300059dca93592301f2cbc33fbe50f6cf017fe6932540e
                          • Opcode Fuzzy Hash: e43d8da97d70a584d342ceb44586fd7867e9ce1f3820b29c6046ec341de75371
                          • Instruction Fuzzy Hash: 2A125D71D00229DBDB65CF58C880BEEB7F5FF48310F15819AE849EB255E7349A81DB90
                          Function 0103EAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • BlockInput.USER32(00000001), ref: 0103EABD
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: BlockInput
                          • String ID:
                          • API String ID: 3456056419-0
                          • Opcode ID: 3026ffd2eeb6bcdf85937ec0327aefa22db031fdaca3ce945ce2c3ebed43c290
                          • Instruction ID: e4caa2fd11fa2a5ae3331847a59755932deb3314ffd0be5a6dbeaaa0ed366e34
                          • Opcode Fuzzy Hash: 3026ffd2eeb6bcdf85937ec0327aefa22db031fdaca3ce945ce2c3ebed43c290
                          • Instruction Fuzzy Hash: D0E01A352002059FD710EF59D905E9AB7EDAF98760F00841AFC89C7351DA75B8418BA0
                          Function 0102E355 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                          Download Yara Rule
                          APIs
                          • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0102E37E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: mouse_event
                          • String ID:
                          • API String ID: 2434400541-0
                          • Opcode ID: 54abe1903e54824b5d4b103af54dc5d27a47f0829287d2ed68826575aaf1747b
                          • Instruction ID: edb7a0af1bfd72eb959b9be999aee05d153338ddd201999149cf4042f5612141
                          • Opcode Fuzzy Hash: 54abe1903e54824b5d4b103af54dc5d27a47f0829287d2ed68826575aaf1747b
                          • Instruction Fuzzy Hash: 19D05EF25D03213DFBBD0A3CCE2FF7A698CE302583F40D789F2C289689DA91A4444021
                          Function 00FE09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                          Download Yara Rule
                          APIs
                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00FE03EE), ref: 00FE09DA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled
                          • String ID:
                          • API String ID: 3192549508-0
                          • Opcode ID: 2a545b325d62e647a4ed04d6cd805365feb3d5a00192d4b91272cfc7b9e86173
                          • Instruction ID: 07aa1ab62765a13b2e25c995c4884a53ef6c5973b04f1a1df51445acaea972c4
                          • Opcode Fuzzy Hash: 2a545b325d62e647a4ed04d6cd805365feb3d5a00192d4b91272cfc7b9e86173
                          • Instruction Fuzzy Hash:
                          Function 00FE781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0
                          • API String ID: 0-4108050209
                          • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                          • Instruction ID: d3076e0523725e7661ee0f5526f578af9a583801f9a89f118c2c194249c1b9ae
                          • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                          • Instruction Fuzzy Hash: 4E515772E0C7C55ADB38B56B88597BF63899F22360F280519D886C7293C619DF06F352
                          Function 00FF6DD9 Relevance: .6, Instructions: 637COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 69df661e144dc3a2317659699be4f6770122f2617192f9cc97a372e596f9e298
                          • Instruction ID: 09e77f15e3bf31845954a39c74bab6001de4587581a68be259e8834dff5ed2df
                          • Opcode Fuzzy Hash: 69df661e144dc3a2317659699be4f6770122f2617192f9cc97a372e596f9e298
                          • Instruction Fuzzy Hash: A7324532D29F054DD723A534D822335A249AFB73D5F19D737F81AB5AB9EB2AC4835200
                          Function 00FDCC39 Relevance: .6, Instructions: 635COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: adf033b86711acc4b08b57c169fc7d584d4094a29be09e56e7a53cdff734ac78
                          • Instruction ID: 44e44a2b80ebf2548dbafc9a50a7d9053ef81ef848a4d804c3f0b50e11c1dcea
                          • Opcode Fuzzy Hash: adf033b86711acc4b08b57c169fc7d584d4094a29be09e56e7a53cdff734ac78
                          • Instruction Fuzzy Hash: 9A321532A441868BFF24CE2CC6946BD7BE2FB45314F5885ABD6C5CB289D238DC81DB41
                          Function 00FC7920 Relevance: .6, Instructions: 563COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1fa77adae676d37bbe6b270dec25c71da9a3b74de4b99df8c5ec7352d3577b44
                          • Instruction ID: 613a6e0f872cd6521dd16cdb7d0693c456e42dd18dce01799eed0921fc69fd05
                          • Opcode Fuzzy Hash: 1fa77adae676d37bbe6b270dec25c71da9a3b74de4b99df8c5ec7352d3577b44
                          • Instruction Fuzzy Hash: 0322B070A0420A9FEF15DF68CD42BAEB7F6FF44300F144529E856A7291EB3AA914DF50
                          Function 00FC91C0 Relevance: .5, Instructions: 475COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7703381bda8a533e66f3f546496f112ed20dbe501a6a72de230146d9cb0f6263
                          • Instruction ID: d177964b134e96d0cad2ff45b016fb60ab732028549560e7d5523c76f37f48f4
                          • Opcode Fuzzy Hash: 7703381bda8a533e66f3f546496f112ed20dbe501a6a72de230146d9cb0f6263
                          • Instruction Fuzzy Hash: 1202E5B1E0020AEBDB05DF54D981FAEB7B1FF44300F108569E846AB391EB35EA55DB90
                          Function 00FF9EEE Relevance: .3, Instructions: 294COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 82902383dfbac00c5c5b8010ca0f2be107a46c31e6790ee30046f4205a356c66
                          • Instruction ID: d7fa066e965204c49bc83e5177812dd3021db1521806f4314ba6f97b163ee36b
                          • Opcode Fuzzy Hash: 82902383dfbac00c5c5b8010ca0f2be107a46c31e6790ee30046f4205a356c66
                          • Instruction Fuzzy Hash: DCB1E230D2AF504DD22396398431336B65CBFBB6D5F51D31BFC5A78E66EB2685834280
                          Function 00FE1C77 Relevance: .3, Instructions: 254COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                          • Instruction ID: 43484d9248cd1a29405e2a6242537ee91be5855fa17e774d44db07b80a65266d
                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                          • Instruction Fuzzy Hash: B4915773A080E349DB29463F857457EFFE16A923B131A079EE4F2CA1C5EE349954F620
                          Function 00FE1F32 Relevance: .2, Instructions: 244COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                          • Instruction ID: 7be6fdec552788ff537ed4737b04b4cdb89a206e0b443f1f6d4955877d888cb8
                          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                          • Instruction Fuzzy Hash: 3B916573A090E349DB69463B887413EFFE55A923B131A079ED4F2CB1C5FE248A54F620
                          Function 00FE19B0 Relevance: .2, Instructions: 240COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                          • Instruction ID: a437e2e9f4909046052c1998d455bbe8649adfc48c261b100111ff3f8ffcda7e
                          • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                          • Instruction Fuzzy Hash: 709122736090E34ADB69467B857407EFFE16A927B131A07AED4F2CA1C1FE348564F620
                          Function 00FE7A4A Relevance: .2, Instructions: 237COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7175a011beb3dbab2e0ead8a57e0e07cd4eb43a3a8aa4924bf7477eb555d4efc
                          • Instruction ID: 44a8783052f87231bf1ada67da925c2f608be6742d1817815eb67942b10368e6
                          • Opcode Fuzzy Hash: 7175a011beb3dbab2e0ead8a57e0e07cd4eb43a3a8aa4924bf7477eb555d4efc
                          • Instruction Fuzzy Hash: A6617D31E087C956DA34B92F4C55BBF3394DF81B60F20092EE843CB2A5D6199E43B315
                          Function 00FE7CA7 Relevance: .2, Instructions: 237COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6ae835cbc875afe3cb709b5258a32d403468c1154cb1db2314d2cd2d104754d3
                          • Instruction ID: fd13c5872ec2815bca2ab240658ae13ee35c7c430b1caa552470d640ead6c463
                          • Opcode Fuzzy Hash: 6ae835cbc875afe3cb709b5258a32d403468c1154cb1db2314d2cd2d104754d3
                          • Instruction Fuzzy Hash: D0618C71E0C7C966DE38792B4C91BBF338ADF42760F14095AE943CB281DA16AD42B315
                          Function 00FE1706 Relevance: .2, Instructions: 232COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                          • Instruction ID: 6727b7b9ac030c156ceb72b34f2f726604f9acb74b6c09738b10ced8660034f6
                          • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                          • Instruction Fuzzy Hash: A4813173A090E349DB69463B857447EFFE17A923B131A079DD4F2CA1C1EE349654F620
                          Function 01032046 Relevance: .1, Instructions: 72COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e72f7951565bf158f85638cbe203f9465f9501a85e4f6c57d7911be7e19c39e3
                          • Instruction ID: 3bb6ba3168c1717527b5c4748e342c11e3bc52c146769921f93703c8ac6f391d
                          • Opcode Fuzzy Hash: e72f7951565bf158f85638cbe203f9465f9501a85e4f6c57d7911be7e19c39e3
                          • Instruction Fuzzy Hash: 0821BB326215118BD728CE79C82267EB3D9B794310F15866EE4E7C77C5DE3AA904C780
                          Function 01042ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
                          Download Yara Rule
                          APIs
                          • DeleteObject.GDI32(00000000), ref: 01042B30
                          • DeleteObject.GDI32(00000000), ref: 01042B43
                          • DestroyWindow.USER32 ref: 01042B52
                          • GetDesktopWindow.USER32 ref: 01042B6D
                          • GetWindowRect.USER32(00000000), ref: 01042B74
                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01042CA3
                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 01042CB1
                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042CF8
                          • GetClientRect.USER32(00000000,?), ref: 01042D04
                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 01042D40
                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042D62
                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042D75
                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042D80
                          • GlobalLock.KERNEL32(00000000), ref: 01042D89
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042D98
                          • GlobalUnlock.KERNEL32(00000000), ref: 01042DA1
                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042DA8
                          • GlobalFree.KERNEL32(00000000), ref: 01042DB3
                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042DC5
                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0105FC38,00000000), ref: 01042DDB
                          • GlobalFree.KERNEL32(00000000), ref: 01042DEB
                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 01042E11
                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 01042E30
                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01042E52
                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0104303F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                          • String ID: $AutoIt v3$DISPLAY$static
                          • API String ID: 2211948467-2373415609
                          • Opcode ID: 82e9476434833e86ff5a114f90bed55c8827ad85320438cd50881f6f5473c312
                          • Instruction ID: 789e72ef46ab67acddda58bcff33a066200c627709fe256cb874bd805592c40f
                          • Opcode Fuzzy Hash: 82e9476434833e86ff5a114f90bed55c8827ad85320438cd50881f6f5473c312
                          • Instruction Fuzzy Hash: 81028EB5600209AFEB24DF64DD89EAF7BB9FB48310F048558F955AB294C739AD00CB60
                          Function 010570D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
                          Download Yara Rule
                          APIs
                          • SetTextColor.GDI32(?,00000000), ref: 0105712F
                          • GetSysColorBrush.USER32(0000000F), ref: 01057160
                          • GetSysColor.USER32(0000000F), ref: 0105716C
                          • SetBkColor.GDI32(?,000000FF), ref: 01057186
                          • SelectObject.GDI32(?,?), ref: 01057195
                          • InflateRect.USER32(?,000000FF,000000FF), ref: 010571C0
                          • GetSysColor.USER32(00000010), ref: 010571C8
                          • CreateSolidBrush.GDI32(00000000), ref: 010571CF
                          • FrameRect.USER32(?,?,00000000), ref: 010571DE
                          • DeleteObject.GDI32(00000000), ref: 010571E5
                          • InflateRect.USER32(?,000000FE,000000FE), ref: 01057230
                          • FillRect.USER32(?,?,?), ref: 01057262
                          • GetWindowLongW.USER32(?,000000F0), ref: 01057284
                            • Part of subcall function 010573E8: GetSysColor.USER32(00000012), ref: 01057421
                            • Part of subcall function 010573E8: SetTextColor.GDI32(?,?), ref: 01057425
                            • Part of subcall function 010573E8: GetSysColorBrush.USER32(0000000F), ref: 0105743B
                            • Part of subcall function 010573E8: GetSysColor.USER32(0000000F), ref: 01057446
                            • Part of subcall function 010573E8: GetSysColor.USER32(00000011), ref: 01057463
                            • Part of subcall function 010573E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 01057471
                            • Part of subcall function 010573E8: SelectObject.GDI32(?,00000000), ref: 01057482
                            • Part of subcall function 010573E8: SetBkColor.GDI32(?,00000000), ref: 0105748B
                            • Part of subcall function 010573E8: SelectObject.GDI32(?,?), ref: 01057498
                            • Part of subcall function 010573E8: InflateRect.USER32(?,000000FF,000000FF), ref: 010574B7
                            • Part of subcall function 010573E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010574CE
                            • Part of subcall function 010573E8: GetWindowLongW.USER32(00000000,000000F0), ref: 010574DB
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                          • String ID:
                          • API String ID: 4124339563-0
                          • Opcode ID: 9cdf107969a5d380be49203dc47e7e86fbd0e0e9741f2c6e34f9d535b5f948ad
                          • Instruction ID: ca04069cb80884e2ff3a99df831c2b1924af4190cefe66d7ff4347fb6dd273a2
                          • Opcode Fuzzy Hash: 9cdf107969a5d380be49203dc47e7e86fbd0e0e9741f2c6e34f9d535b5f948ad
                          • Instruction Fuzzy Hash: FFA1C072008301AFEB619F64DD48E5BBBE9FB49320F500A19FAE2961D0D73AD944DB51
                          Function 00FD8D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
                          Download Yara Rule
                          APIs
                          • DestroyWindow.USER32(?,?), ref: 00FD8E14
                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 01016AC5
                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 01016AFE
                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 01016F43
                            • Part of subcall function 00FD8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FD8BE8,?,00000000,?,?,?,?,00FD8BBA,00000000,?), ref: 00FD8FC5
                          • SendMessageW.USER32(?,00001053), ref: 01016F7F
                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 01016F96
                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 01016FAC
                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 01016FB7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                          • String ID: 0
                          • API String ID: 2760611726-4108050209
                          • Opcode ID: 4b75feb04920239a5e12b11e5535ef9cc4b1e5835a04b29fddb8e95cabdec98c
                          • Instruction ID: 4e4aa430e69d626ed9506de72323e62cc59b2801452718bdb23f0d25f514dc46
                          • Opcode Fuzzy Hash: 4b75feb04920239a5e12b11e5535ef9cc4b1e5835a04b29fddb8e95cabdec98c
                          • Instruction Fuzzy Hash: C712E031600201EFDB22CF18C984BA6BBE6FB44310F5844A9F5D58B259CB7BE892DF51
                          Function 01042711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
                          Download Yara Rule
                          APIs
                          • DestroyWindow.USER32(00000000), ref: 0104273E
                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0104286A
                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 010428A9
                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 010428B9
                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01042900
                          • GetClientRect.USER32(00000000,?), ref: 0104290C
                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 01042955
                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 01042964
                          • GetStockObject.GDI32(00000011), ref: 01042974
                          • SelectObject.GDI32(00000000,00000000), ref: 01042978
                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 01042988
                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01042991
                          • DeleteDC.GDI32(00000000), ref: 0104299A
                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 010429C6
                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 010429DD
                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01042A1D
                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01042A31
                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 01042A42
                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 01042A77
                          • GetStockObject.GDI32(00000011), ref: 01042A82
                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 01042A8D
                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 01042A97
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                          • API String ID: 2910397461-517079104
                          • Opcode ID: 329c6572bd57726bc442b526fd2111d0654b2453da57874ae4deaacd0c446578
                          • Instruction ID: e0ef44f62c2f4288697b5e6cdc374dfaaa8e2d3043f1bbec04efe15dc2c4c8a0
                          • Opcode Fuzzy Hash: 329c6572bd57726bc442b526fd2111d0654b2453da57874ae4deaacd0c446578
                          • Instruction Fuzzy Hash: 8BB14CB1A00205AFEB24DF68DD86FAF7BB9FB08710F008558F955E7290D775A940CB64
                          Function 01034ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON
                          Download Yara Rule
                          APIs
                          • SetErrorMode.KERNEL32(00000001), ref: 01034AED
                          • GetDriveTypeW.KERNEL32(?,0105CB68,?,\\.\,0105CC08), ref: 01034BCA
                          • SetErrorMode.KERNEL32(00000000,0105CB68,?,\\.\,0105CC08), ref: 01034D36
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorMode$DriveType
                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                          • API String ID: 2907320926-4222207086
                          • Opcode ID: 30e18d0b6fb1e53db457410205f579521ee63f552a5eaa700ee582e001d2dc77
                          • Instruction ID: 1e6e831b9a1810537b8608c90997c37fc1f6f17d55365e984c6b63b1fad8b943
                          • Opcode Fuzzy Hash: 30e18d0b6fb1e53db457410205f579521ee63f552a5eaa700ee582e001d2dc77
                          • Instruction Fuzzy Hash: 9D61D430A1820ADBCB84FF19CA86D6D77E9EB84300B148459F8C6EF252DB76DD85CB41
                          Function 010573E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetSysColor.USER32(00000012), ref: 01057421
                          • SetTextColor.GDI32(?,?), ref: 01057425
                          • GetSysColorBrush.USER32(0000000F), ref: 0105743B
                          • GetSysColor.USER32(0000000F), ref: 01057446
                          • CreateSolidBrush.GDI32(?), ref: 0105744B
                          • GetSysColor.USER32(00000011), ref: 01057463
                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 01057471
                          • SelectObject.GDI32(?,00000000), ref: 01057482
                          • SetBkColor.GDI32(?,00000000), ref: 0105748B
                          • SelectObject.GDI32(?,?), ref: 01057498
                          • InflateRect.USER32(?,000000FF,000000FF), ref: 010574B7
                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010574CE
                          • GetWindowLongW.USER32(00000000,000000F0), ref: 010574DB
                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0105752A
                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 01057554
                          • InflateRect.USER32(?,000000FD,000000FD), ref: 01057572
                          • DrawFocusRect.USER32(?,?), ref: 0105757D
                          • GetSysColor.USER32(00000011), ref: 0105758E
                          • SetTextColor.GDI32(?,00000000), ref: 01057596
                          • DrawTextW.USER32(?,010570F5,000000FF,?,00000000), ref: 010575A8
                          • SelectObject.GDI32(?,?), ref: 010575BF
                          • DeleteObject.GDI32(?), ref: 010575CA
                          • SelectObject.GDI32(?,?), ref: 010575D0
                          • DeleteObject.GDI32(?), ref: 010575D5
                          • SetTextColor.GDI32(?,?), ref: 010575DB
                          • SetBkColor.GDI32(?,?), ref: 010575E5
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                          • String ID:
                          • API String ID: 1996641542-0
                          • Opcode ID: e5e577d05ea710fc3fce35321d1aea3d95563603d60254c23e3dc43c97fc68ad
                          • Instruction ID: 6060bf5fcd5e182c3553fde11e2f04cf2228b927e4ecb8544467c5e6e4e7233f
                          • Opcode Fuzzy Hash: e5e577d05ea710fc3fce35321d1aea3d95563603d60254c23e3dc43c97fc68ad
                          • Instruction Fuzzy Hash: EA618B76900318AFEF119FA8DD48EAFBFB9EB09320F144111FA51AB291D7799940DF90
                          Function 01050FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetCursorPos.USER32(?), ref: 01051128
                          • GetDesktopWindow.USER32 ref: 0105113D
                          • GetWindowRect.USER32(00000000), ref: 01051144
                          • GetWindowLongW.USER32(?,000000F0), ref: 01051199
                          • DestroyWindow.USER32(?), ref: 010511B9
                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 010511ED
                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0105120B
                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0105121D
                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 01051232
                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 01051245
                          • IsWindowVisible.USER32(00000000), ref: 010512A1
                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 010512BC
                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 010512D0
                          • GetWindowRect.USER32(00000000,?), ref: 010512E8
                          • MonitorFromPoint.USER32(?,?,00000002), ref: 0105130E
                          • GetMonitorInfoW.USER32(00000000,?), ref: 01051328
                          • CopyRect.USER32(?,?), ref: 0105133F
                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 010513AA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                          • String ID: ($0$tooltips_class32
                          • API String ID: 698492251-4156429822
                          • Opcode ID: 9c19c014065b880b5282ef2a52eb8468259bd55f9ab5a80dba6eefd3d8b16364
                          • Instruction ID: 1c2b69344d8a0f295953e99213ca2f50275e59dff825986820b0fbc8b6326440
                          • Opcode Fuzzy Hash: 9c19c014065b880b5282ef2a52eb8468259bd55f9ab5a80dba6eefd3d8b16364
                          • Instruction Fuzzy Hash: 53B17B71608341AFE750DF68C985B6BBBE4FF88350F00895CF9999B291C775E844CBA1
                          Function 00FD8891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FD8968
                          • GetSystemMetrics.USER32(00000007), ref: 00FD8970
                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FD899B
                          • GetSystemMetrics.USER32(00000008), ref: 00FD89A3
                          • GetSystemMetrics.USER32(00000004), ref: 00FD89C8
                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00FD89E5
                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00FD89F5
                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00FD8A28
                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FD8A3C
                          • GetClientRect.USER32(00000000,000000FF), ref: 00FD8A5A
                          • GetStockObject.GDI32(00000011), ref: 00FD8A76
                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FD8A81
                            • Part of subcall function 00FD912D: GetCursorPos.USER32(?), ref: 00FD9141
                            • Part of subcall function 00FD912D: ScreenToClient.USER32(00000000,?), ref: 00FD915E
                            • Part of subcall function 00FD912D: GetAsyncKeyState.USER32(00000001), ref: 00FD9183
                            • Part of subcall function 00FD912D: GetAsyncKeyState.USER32(00000002), ref: 00FD919D
                          • SetTimer.USER32(00000000,00000000,00000028,00FD90FC), ref: 00FD8AA8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                          • String ID: AutoIt v3 GUI
                          • API String ID: 1458621304-248962490
                          • Opcode ID: 55357c8c22aff153fd93e1da7a48862440e1096ca4d450a07736e4a66ce6eccb
                          • Instruction ID: 4eb4f241528e19fcef9be24c11f9ac05f0c2e3167365c9b84bc3f4eefff2442c
                          • Opcode Fuzzy Hash: 55357c8c22aff153fd93e1da7a48862440e1096ca4d450a07736e4a66ce6eccb
                          • Instruction Fuzzy Hash: 82B1A171A0030AAFDF14DFA8CD55BAE3BB5FB48320F04421AFA95A7284DB79D841DB51
                          Function 01020D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 010210F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01021114
                            • Part of subcall function 010210F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021120
                            • Part of subcall function 010210F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 0102112F
                            • Part of subcall function 010210F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021136
                            • Part of subcall function 010210F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0102114D
                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01020DF5
                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01020E29
                          • GetLengthSid.ADVAPI32(?), ref: 01020E40
                          • GetAce.ADVAPI32(?,00000000,?), ref: 01020E7A
                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01020E96
                          • GetLengthSid.ADVAPI32(?), ref: 01020EAD
                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01020EB5
                          • HeapAlloc.KERNEL32(00000000), ref: 01020EBC
                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01020EDD
                          • CopySid.ADVAPI32(00000000), ref: 01020EE4
                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01020F13
                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01020F35
                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01020F47
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020F6E
                          • HeapFree.KERNEL32(00000000), ref: 01020F75
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020F7E
                          • HeapFree.KERNEL32(00000000), ref: 01020F85
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01020F8E
                          • HeapFree.KERNEL32(00000000), ref: 01020F95
                          • GetProcessHeap.KERNEL32(00000000,?), ref: 01020FA1
                          • HeapFree.KERNEL32(00000000), ref: 01020FA8
                            • Part of subcall function 01021193: GetProcessHeap.KERNEL32(00000008,01020BB1,?,00000000,?,01020BB1,?), ref: 010211A1
                            • Part of subcall function 01021193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01020BB1,?), ref: 010211A8
                            • Part of subcall function 01021193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01020BB1,?), ref: 010211B7
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                          • String ID:
                          • API String ID: 4175595110-0
                          • Opcode ID: 0d7c4306cb32acf1b9620aed3aef29cbdf605db5fee6bebfcd7a1004a03a58f5
                          • Instruction ID: 414c80a5f7cdc4de5d17ac9ae55a5a01caea83c3c4390766499f9a85f0d528a3
                          • Opcode Fuzzy Hash: 0d7c4306cb32acf1b9620aed3aef29cbdf605db5fee6bebfcd7a1004a03a58f5
                          • Instruction Fuzzy Hash: 8A71697290031AABEF609FA8DD48FAFBBBCFF05310F044155FA99A6184D7359A05CB60
                          Function 0104C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
                          Download Yara Rule
                          APIs
                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0104C4BD
                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,0105CC08,00000000,?,00000000,?,?), ref: 0104C544
                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0104C5A4
                          • _wcslen.LIBCMT ref: 0104C5F4
                          • _wcslen.LIBCMT ref: 0104C66F
                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0104C6B2
                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0104C7C1
                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0104C84D
                          • RegCloseKey.ADVAPI32(?), ref: 0104C881
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104C88E
                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0104C960
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                          • API String ID: 9721498-966354055
                          • Opcode ID: f21f241aa135b46b02192bda49d3b69a65fe51e661f1b86d8389a30e60d9f738
                          • Instruction ID: 9df99fcb117d2011496336e80a294ca21af3ab1e7a82ad56480ba77429ffa7b0
                          • Opcode Fuzzy Hash: f21f241aa135b46b02192bda49d3b69a65fe51e661f1b86d8389a30e60d9f738
                          • Instruction Fuzzy Hash: 4A124B756042019FE714DF14C981F2AB7E5EF88714F1888ACF98A9B3A2DB35ED41DB81
                          Function 0105091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
                          Download Yara Rule
                          APIs
                          • CharUpperBuffW.USER32(?,?), ref: 010509C6
                          • _wcslen.LIBCMT ref: 01050A01
                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01050A54
                          • _wcslen.LIBCMT ref: 01050A8A
                          • _wcslen.LIBCMT ref: 01050B06
                          • _wcslen.LIBCMT ref: 01050B81
                            • Part of subcall function 00FDF9F2: _wcslen.LIBCMT ref: 00FDF9FD
                            • Part of subcall function 01022BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 01022BFA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$MessageSend$BuffCharUpper
                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                          • API String ID: 1103490817-4258414348
                          • Opcode ID: 451f02f370641aa4d40a2d92952e30288b1d0ee97fcb45654d10dbe1f85a4a8f
                          • Instruction ID: 208526a9c86517e27150ffca01073d64b12efeec6e6b32476861f145fd2a1e46
                          • Opcode Fuzzy Hash: 451f02f370641aa4d40a2d92952e30288b1d0ee97fcb45654d10dbe1f85a4a8f
                          • Instruction Fuzzy Hash: 63E18C312083028FC754EF28C99196EB7E2BF88314B14899DF8D69B36AD735ED45CB91
                          Function 0104C998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$BuffCharUpper
                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                          • API String ID: 1256254125-909552448
                          • Opcode ID: aa8097ff272fdbefb87d527afbea3e3b6ed09f0a6ba49b7ad891324d21139d7f
                          • Instruction ID: 9be53028545611bc08cccb4472303e906d30a10ed9bd862f963be31e4cebd335
                          • Opcode Fuzzy Hash: aa8097ff272fdbefb87d527afbea3e3b6ed09f0a6ba49b7ad891324d21139d7f
                          • Instruction Fuzzy Hash: A77116B26011268BEB21EE7CCED15BE33D1AF50658F1405B8F8D2A7286EA35CD54D3A0
                          Function 0105833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
                          Download Yara Rule
                          APIs
                          • _wcslen.LIBCMT ref: 0105835A
                          • _wcslen.LIBCMT ref: 0105836E
                          • _wcslen.LIBCMT ref: 01058391
                          • _wcslen.LIBCMT ref: 010583B4
                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 010583F2
                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0105361A,?), ref: 0105844E
                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01058487
                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 010584CA
                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01058501
                          • FreeLibrary.KERNEL32(?), ref: 0105850D
                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0105851D
                          • DestroyIcon.USER32(?), ref: 0105852C
                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01058549
                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01058555
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                          • String ID: .dll$.exe$.icl
                          • API String ID: 799131459-1154884017
                          • Opcode ID: 49cfcd308f113b8c976a0af7fe2e1b7589799a9d4a81ae9a48a9768e1f6cb27c
                          • Instruction ID: 765c0a873130c83775b5ea9eca32b75b087f5a599f2cb9d46ca5eba66ea43632
                          • Opcode Fuzzy Hash: 49cfcd308f113b8c976a0af7fe2e1b7589799a9d4a81ae9a48a9768e1f6cb27c
                          • Instruction Fuzzy Hash: B561F371900305BAEB64DF65CC41BBF7BACBB08711F10864AFD95D60D1DB78A980DBA0
                          Function 00FC7778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                          • API String ID: 0-1645009161
                          • Opcode ID: c4f70a83dbd7f4fb37a88221ef97d12baa80a8aa0eca3adadf3618ee117ed884
                          • Instruction ID: fcf7541216843e4ce961162eba9dca8c2ad4a07aafccbcf76edea326698b87f6
                          • Opcode Fuzzy Hash: c4f70a83dbd7f4fb37a88221ef97d12baa80a8aa0eca3adadf3618ee117ed884
                          • Instruction Fuzzy Hash: E9812B71A04306BBEB11BF65CE43FAF3BA9AF15340F044029F945AB192EB74D911EB91
                          Function 01033E79 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 205COMMON
                          Download Yara Rule
                          APIs
                          • CharLowerBuffW.USER32(?,?), ref: 01033EF8
                          • _wcslen.LIBCMT ref: 01033F03
                          • _wcslen.LIBCMT ref: 01033F5A
                          • _wcslen.LIBCMT ref: 01033F98
                          • GetDriveTypeW.KERNEL32(?), ref: 01033FD6
                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0103401E
                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01034059
                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01034087
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                          • API String ID: 1839972693-4113822522
                          • Opcode ID: d4fd4af78cb9606132c8289d472f6a87ef520d2dae0eb8bb6e5d73bf93f5f71a
                          • Instruction ID: 928fe97a2c441c14f9660a0b30213eabb2c709f09d88f73714a7e80b3975e737
                          • Opcode Fuzzy Hash: d4fd4af78cb9606132c8289d472f6a87ef520d2dae0eb8bb6e5d73bf93f5f71a
                          • Instruction Fuzzy Hash: 3F71AE326082069FC310EF28C98196AB7E8FF84758F40496DF8D69B252EB35ED45CB91
                          Function 01025A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • LoadIconW.USER32(00000063), ref: 01025A2E
                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 01025A40
                          • SetWindowTextW.USER32(?,?), ref: 01025A57
                          • GetDlgItem.USER32(?,000003EA), ref: 01025A6C
                          • SetWindowTextW.USER32(00000000,?), ref: 01025A72
                          • GetDlgItem.USER32(?,000003E9), ref: 01025A82
                          • SetWindowTextW.USER32(00000000,?), ref: 01025A88
                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 01025AA9
                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 01025AC3
                          • GetWindowRect.USER32(?,?), ref: 01025ACC
                          • _wcslen.LIBCMT ref: 01025B33
                          • SetWindowTextW.USER32(?,?), ref: 01025B6F
                          • GetDesktopWindow.USER32 ref: 01025B75
                          • GetWindowRect.USER32(00000000), ref: 01025B7C
                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 01025BD3
                          • GetClientRect.USER32(?,?), ref: 01025BE0
                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 01025C05
                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 01025C2F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                          • String ID:
                          • API String ID: 895679908-0
                          • Opcode ID: f1d53e02b00e1c7ea237f40532a1be3da06d89b6c5cf64ca27272bfea13c76b4
                          • Instruction ID: 7ff1fa5800c433a0c72fffcbe8eccf487e91d5ad33c04a5d81c98ef64393458d
                          • Opcode Fuzzy Hash: f1d53e02b00e1c7ea237f40532a1be3da06d89b6c5cf64ca27272bfea13c76b4
                          • Instruction Fuzzy Hash: BD718D31A00719AFDB21DFA8CE85AAEBBF9FF48704F104958E582A3590D775E940CF64
                          Function 0103FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON
                          Download Yara Rule
                          APIs
                          • LoadCursorW.USER32(00000000,00007F89), ref: 0103FE27
                          • LoadCursorW.USER32(00000000,00007F8A), ref: 0103FE32
                          • LoadCursorW.USER32(00000000,00007F00), ref: 0103FE3D
                          • LoadCursorW.USER32(00000000,00007F03), ref: 0103FE48
                          • LoadCursorW.USER32(00000000,00007F8B), ref: 0103FE53
                          • LoadCursorW.USER32(00000000,00007F01), ref: 0103FE5E
                          • LoadCursorW.USER32(00000000,00007F81), ref: 0103FE69
                          • LoadCursorW.USER32(00000000,00007F88), ref: 0103FE74
                          • LoadCursorW.USER32(00000000,00007F80), ref: 0103FE7F
                          • LoadCursorW.USER32(00000000,00007F86), ref: 0103FE8A
                          • LoadCursorW.USER32(00000000,00007F83), ref: 0103FE95
                          • LoadCursorW.USER32(00000000,00007F85), ref: 0103FEA0
                          • LoadCursorW.USER32(00000000,00007F82), ref: 0103FEAB
                          • LoadCursorW.USER32(00000000,00007F84), ref: 0103FEB6
                          • LoadCursorW.USER32(00000000,00007F04), ref: 0103FEC1
                          • LoadCursorW.USER32(00000000,00007F02), ref: 0103FECC
                          • GetCursorInfo.USER32(?), ref: 0103FEDC
                          • GetLastError.KERNEL32 ref: 0103FF1E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Cursor$Load$ErrorInfoLast
                          • String ID:
                          • API String ID: 3215588206-0
                          • Opcode ID: 2f30bee8ff4d5fa9fb8b9521ba1ba94e14e8c2a3b8daaa49d0660f388a5dc615
                          • Instruction ID: 1e5c71dac791a446fef0f247d1adadba8b7dc0628437c6af8c842c024573423f
                          • Opcode Fuzzy Hash: 2f30bee8ff4d5fa9fb8b9521ba1ba94e14e8c2a3b8daaa49d0660f388a5dc615
                          • Instruction Fuzzy Hash: ED4170B0D0831AAEDB109FBA8C89C5EBFE8FF44314B50456AE55CE7281DB78A501CF91
                          Function 00FE00C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON
                          Download Yara Rule
                          APIs
                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FE00C6
                            • Part of subcall function 00FE00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0109070C,00000FA0,0F8D7F77,?,?,?,?,010023B3,000000FF), ref: 00FE011C
                            • Part of subcall function 00FE00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,010023B3,000000FF), ref: 00FE0127
                            • Part of subcall function 00FE00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,010023B3,000000FF), ref: 00FE0138
                            • Part of subcall function 00FE00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FE014E
                            • Part of subcall function 00FE00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FE015C
                            • Part of subcall function 00FE00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FE016A
                            • Part of subcall function 00FE00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FE0195
                            • Part of subcall function 00FE00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FE01A0
                          • ___scrt_fastfail.LIBCMT ref: 00FE00E7
                            • Part of subcall function 00FE00A3: __onexit.LIBCMT ref: 00FE00A9
                          Strings
                          • WakeAllConditionVariable, xrefs: 00FE0162
                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FE0122
                          • kernel32.dll, xrefs: 00FE0133
                          • InitializeConditionVariable, xrefs: 00FE0148
                          • SleepConditionVariableCS, xrefs: 00FE0154
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                          • API String ID: 66158676-1714406822
                          • Opcode ID: f508665f89de6b53fbc5c8e87d7a221249f2c91e9e7bebd301fa7b848d8b3a02
                          • Instruction ID: 2511fe76afbbba382923e06275fc1dc0fb7de6a578eeee1a36d893dc40ab9528
                          • Opcode Fuzzy Hash: f508665f89de6b53fbc5c8e87d7a221249f2c91e9e7bebd301fa7b848d8b3a02
                          • Instruction Fuzzy Hash: 9B212C32E453416BE7206B76AD05B2F73A9EB05B71F04012AF9819A248DFFD8C409BA0
                          Function 010230F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen
                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                          • API String ID: 176396367-1603158881
                          • Opcode ID: 3a3ffb6b1447b27d11736a63240bababf3fccdeaa75e9626cbcd5dc7872798f7
                          • Instruction ID: 157dacd096bfe8aba8e593b81ab71b9b1ab11b70027ab07d9ea76d88b2044e62
                          • Opcode Fuzzy Hash: 3a3ffb6b1447b27d11736a63240bababf3fccdeaa75e9626cbcd5dc7872798f7
                          • Instruction Fuzzy Hash: ABE10731A001369BCB599F68C851BEEFBB0BF08710F54819AE5D6FB241DF38A945DB90
                          Function 010344C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON
                          Download Yara Rule
                          APIs
                          • CharLowerBuffW.USER32(00000000,00000000,0105CC08), ref: 01034527
                          • _wcslen.LIBCMT ref: 0103453B
                          • _wcslen.LIBCMT ref: 01034599
                          • _wcslen.LIBCMT ref: 010345F4
                          • _wcslen.LIBCMT ref: 0103463F
                          • _wcslen.LIBCMT ref: 010346A7
                            • Part of subcall function 00FDF9F2: _wcslen.LIBCMT ref: 00FDF9FD
                          • GetDriveTypeW.KERNEL32(?,01086BF0,00000061), ref: 01034743
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$BuffCharDriveLowerType
                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                          • API String ID: 2055661098-1000479233
                          • Opcode ID: fc16a745375c16ce59f4bcc49b5a50486f2be9dced94b41a62178de67609651d
                          • Instruction ID: 645714274be73efbfdc883f0738085f816fea35adc374fdcd4b149801890ebcc
                          • Opcode Fuzzy Hash: fc16a745375c16ce59f4bcc49b5a50486f2be9dced94b41a62178de67609651d
                          • Instruction Fuzzy Hash: 95B1EF31A083029BC711DF28C891A6EBBE9BFD9764F40495DF5D6CB292D734D884CB92
                          Function 01043FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • LoadLibraryA.KERNEL32(kernel32.dll,?,0105CC08), ref: 010440BB
                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 010440CD
                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0105CC08), ref: 010440F2
                          • FreeLibrary.KERNEL32(00000000,?,0105CC08), ref: 0104413E
                          • StringFromGUID2.OLE32(?,?,00000028,?,0105CC08), ref: 010441A8
                          • SysFreeString.OLEAUT32(00000009), ref: 01044262
                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 010442C8
                          • SysFreeString.OLEAUT32(?), ref: 010442F2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                          • String ID: GetModuleHandleExW$kernel32.dll
                          • API String ID: 354098117-199464113
                          • Opcode ID: d1890d663c50f085719558b68e4589baca0aec9ac233b55347ab4364ddd5dc73
                          • Instruction ID: 60443189394115612226b2d0a3a4f0478a6a81fe34c0b6a4ab9148020ba00517
                          • Opcode Fuzzy Hash: d1890d663c50f085719558b68e4589baca0aec9ac233b55347ab4364ddd5dc73
                          • Instruction Fuzzy Hash: 98123AB5A00205AFDB55CF58C9C4EAEBBB9FF85314F1480A8E945DB251CB31ED46CBA0
                          Function 00FC326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemCount.USER32(01091990), ref: 01002F8D
                          • GetMenuItemCount.USER32(01091990), ref: 0100303D
                          • GetCursorPos.USER32(?), ref: 01003081
                          • SetForegroundWindow.USER32(00000000), ref: 0100308A
                          • TrackPopupMenuEx.USER32(01091990,00000000,?,00000000,00000000,00000000), ref: 0100309D
                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 010030A9
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                          • String ID: 0
                          • API String ID: 36266755-4108050209
                          • Opcode ID: 68adfe2c4b685508efa959e53dd13e923f3b59018f63e3f09d928a1a7812451b
                          • Instruction ID: 94b807a8fd8afb0a3495e064716f8d8ed9aa1ff02ef178209c3c723f8e681e13
                          • Opcode Fuzzy Hash: 68adfe2c4b685508efa959e53dd13e923f3b59018f63e3f09d928a1a7812451b
                          • Instruction Fuzzy Hash: BE713A31640316BEFB329F68CD49FAABFA8FF003A4F20421AF6556A1D0C7B1A950D750
                          Function 01056CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
                          Download Yara Rule
                          APIs
                          • DestroyWindow.USER32(00000000,?), ref: 01056DEB
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01056E5F
                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 01056E81
                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01056E94
                          • DestroyWindow.USER32(?), ref: 01056EB5
                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00FC0000,00000000), ref: 01056EE4
                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01056EFD
                          • GetDesktopWindow.USER32 ref: 01056F16
                          • GetWindowRect.USER32(00000000), ref: 01056F1D
                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01056F35
                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01056F4D
                            • Part of subcall function 00FD9944: GetWindowLongW.USER32(?,000000EB), ref: 00FD9952
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                          • String ID: 0$tooltips_class32
                          • API String ID: 2429346358-3619404913
                          • Opcode ID: f2beec0feb9b57d40df6fe82233408117ff30e3d351cff38dbf19d729774044b
                          • Instruction ID: 2998fdbf7e703a84f0a3a86631c9f0c7ebb6f6908ec9de52199693b2f372a2f6
                          • Opcode Fuzzy Hash: f2beec0feb9b57d40df6fe82233408117ff30e3d351cff38dbf19d729774044b
                          • Instruction Fuzzy Hash: C6716970504345AFEB61CF18C844FABBBE9FB89304F84055DFAD987261C776A906DB11
                          Function 0105911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • DragQueryPoint.SHELL32(?,?), ref: 01059147
                            • Part of subcall function 01057674: ClientToScreen.USER32(?,?), ref: 0105769A
                            • Part of subcall function 01057674: GetWindowRect.USER32(?,?), ref: 01057710
                            • Part of subcall function 01057674: PtInRect.USER32(?,?,01058B89), ref: 01057720
                          • SendMessageW.USER32(?,000000B0,?,?), ref: 010591B0
                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 010591BB
                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 010591DE
                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 01059225
                          • SendMessageW.USER32(?,000000B0,?,?), ref: 0105923E
                          • SendMessageW.USER32(?,000000B1,?,?), ref: 01059255
                          • SendMessageW.USER32(?,000000B1,?,?), ref: 01059277
                          • DragFinish.SHELL32(?), ref: 0105927E
                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 01059371
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                          • API String ID: 221274066-3440237614
                          • Opcode ID: 5f247743e2ad3d32ee3e69062d53b9fb5b37aa0dc7a07078ea60e1ece551d381
                          • Instruction ID: 58f806bd275674eae79d61fba095c3c1e0ee32154f1bb3667fae54ca9072feff
                          • Opcode Fuzzy Hash: 5f247743e2ad3d32ee3e69062d53b9fb5b37aa0dc7a07078ea60e1ece551d381
                          • Instruction Fuzzy Hash: 5E61AC71108302AFD701DF60DD89EAFBBE8EF88350F00091EF595931A1DB75AA49CB62
                          Function 0103C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
                          Download Yara Rule
                          APIs
                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0103C4B0
                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0103C4C3
                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0103C4D7
                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0103C4F0
                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0103C533
                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0103C549
                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0103C554
                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0103C584
                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0103C5DC
                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0103C5F0
                          • InternetCloseHandle.WININET(00000000), ref: 0103C5FB
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                          • String ID:
                          • API String ID: 3800310941-3916222277
                          • Opcode ID: 4bd63c451269309e330bd849329dbff0aba286804d06125490a384e921721c2b
                          • Instruction ID: d214f0364ae95bed53927da43e7ca1b09b9085b1311a5eed64de401775838c2c
                          • Opcode Fuzzy Hash: 4bd63c451269309e330bd849329dbff0aba286804d06125490a384e921721c2b
                          • Instruction Fuzzy Hash: D3512AB1500709BFFB219F65CA88AAB7BFCFB48754F00441AF986E6640DB35D944DB60
                          Function 0105856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 01058592
                          • GetFileSize.KERNEL32(00000000,00000000), ref: 010585A2
                          • GlobalAlloc.KERNEL32(00000002,00000000), ref: 010585AD
                          • CloseHandle.KERNEL32(00000000), ref: 010585BA
                          • GlobalLock.KERNEL32(00000000), ref: 010585C8
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 010585D7
                          • GlobalUnlock.KERNEL32(00000000), ref: 010585E0
                          • CloseHandle.KERNEL32(00000000), ref: 010585E7
                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 010585F8
                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,0105FC38,?), ref: 01058611
                          • GlobalFree.KERNEL32(00000000), ref: 01058621
                          • GetObjectW.GDI32(?,00000018,000000FF), ref: 01058641
                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 01058671
                          • DeleteObject.GDI32(00000000), ref: 01058699
                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 010586AF
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                          • String ID:
                          • API String ID: 3840717409-0
                          • Opcode ID: b742781240606bec15c6863a0153ccbe0993fc23b1f561a7e4da60026cd43654
                          • Instruction ID: 47d618dd90bcdd9f69d35c5afe450d3c0a87b5c920e8cd293da26d7c6663db9f
                          • Opcode Fuzzy Hash: b742781240606bec15c6863a0153ccbe0993fc23b1f561a7e4da60026cd43654
                          • Instruction Fuzzy Hash: C1411875600308AFEB619FA9CD48EAB7BBCEB89755F008059FD8AE7250D7359941CB20
                          Function 010314BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
                          Download Yara Rule
                          APIs
                          • VariantInit.OLEAUT32(00000000), ref: 01031502
                          • VariantCopy.OLEAUT32(?,?), ref: 0103150B
                          • VariantClear.OLEAUT32(?), ref: 01031517
                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 010315FB
                          • VarR8FromDec.OLEAUT32(?,?), ref: 01031657
                          • VariantInit.OLEAUT32(?), ref: 01031708
                          • SysFreeString.OLEAUT32(?), ref: 0103178C
                          • VariantClear.OLEAUT32(?), ref: 010317D8
                          • VariantClear.OLEAUT32(?), ref: 010317E7
                          • VariantInit.OLEAUT32(00000000), ref: 01031823
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                          • API String ID: 1234038744-3931177956
                          • Opcode ID: 472fb72ff3608ce7429594a91b9e3d984a5b725e56d8dca39acc374c30cb3cd2
                          • Instruction ID: da47acbff63726c8e79584fca27e35c74f55a36eff67986261357d062c3f2068
                          • Opcode Fuzzy Hash: 472fb72ff3608ce7429594a91b9e3d984a5b725e56d8dca39acc374c30cb3cd2
                          • Instruction Fuzzy Hash: 83D1F531A00215DBEB10DF65D885B7DBBF9BF49700F08849AF596AB2C0DB38E845DB61
                          Function 0104B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 0104C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0104B6AE,?,?), ref: 0104C9B5
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104C9F1
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA68
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA9E
                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0104B6F4
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0104B772
                          • RegDeleteValueW.ADVAPI32(?,?), ref: 0104B80A
                          • RegCloseKey.ADVAPI32(?), ref: 0104B87E
                          • RegCloseKey.ADVAPI32(?), ref: 0104B89C
                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0104B8F2
                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0104B904
                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0104B922
                          • FreeLibrary.KERNEL32(00000000), ref: 0104B983
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104B994
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                          • String ID: RegDeleteKeyExW$advapi32.dll
                          • API String ID: 146587525-4033151799
                          • Opcode ID: 4acf04ee6f46b210fb4464dd87deb371c84a1f383c8f767a238411efcdbf15c8
                          • Instruction ID: 0fa857f958cc23a1109c60b9f527a32efbcf6514700b0bbb4236de3c20fcec74
                          • Opcode Fuzzy Hash: 4acf04ee6f46b210fb4464dd87deb371c84a1f383c8f767a238411efcdbf15c8
                          • Instruction Fuzzy Hash: EAC19074208302AFE714DF18C5D5F2ABBE5BF85318F1884ACF5994B292CB75E845CB91
                          Function 0104255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetDC.USER32(00000000), ref: 010425D8
                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 010425E8
                          • CreateCompatibleDC.GDI32(?), ref: 010425F4
                          • SelectObject.GDI32(00000000,?), ref: 01042601
                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0104266D
                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 010426AC
                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 010426D0
                          • SelectObject.GDI32(?,?), ref: 010426D8
                          • DeleteObject.GDI32(?), ref: 010426E1
                          • DeleteDC.GDI32(?), ref: 010426E8
                          • ReleaseDC.USER32(00000000,?), ref: 010426F3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                          • String ID: (
                          • API String ID: 2598888154-3887548279
                          • Opcode ID: b0394cce294b233228d755ee075c1982f92548752441a9472bc95e6ad3478925
                          • Instruction ID: ebb7516b21aac65492506810bbd7beedf6809b38409b2a7633bea89a13f26e41
                          • Opcode Fuzzy Hash: b0394cce294b233228d755ee075c1982f92548752441a9472bc95e6ad3478925
                          • Instruction Fuzzy Hash: C06103B5E00309EFDF15CFA4D984AAEBBB9FF48310F208529E996A7240D735A940CF54
                          Function 00FFDA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • ___free_lconv_mon.LIBCMT ref: 00FFDAA1
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD659
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD66B
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD67D
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD68F
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6A1
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6B3
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6C5
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6D7
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6E9
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD6FB
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD70D
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD71F
                            • Part of subcall function 00FFD63C: _free.LIBCMT ref: 00FFD731
                          • _free.LIBCMT ref: 00FFDA96
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • _free.LIBCMT ref: 00FFDAB8
                          • _free.LIBCMT ref: 00FFDACD
                          • _free.LIBCMT ref: 00FFDAD8
                          • _free.LIBCMT ref: 00FFDAFA
                          • _free.LIBCMT ref: 00FFDB0D
                          • _free.LIBCMT ref: 00FFDB1B
                          • _free.LIBCMT ref: 00FFDB26
                          • _free.LIBCMT ref: 00FFDB5E
                          • _free.LIBCMT ref: 00FFDB65
                          • _free.LIBCMT ref: 00FFDB82
                          • _free.LIBCMT ref: 00FFDB9A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                          • String ID:
                          • API String ID: 161543041-0
                          • Opcode ID: 1955f9c0b15aff1182d4f5299f420dee94cb5b24986574eeb4c479b1ed60a499
                          • Instruction ID: 7db2b4ce6ed656709ca0ed45ad540b207daa4ad072b66c91bfe431cbaa6a346c
                          • Opcode Fuzzy Hash: 1955f9c0b15aff1182d4f5299f420dee94cb5b24986574eeb4c479b1ed60a499
                          • Instruction Fuzzy Hash: BF316B31A442099FEB31AA38EC45B7A77EAFF40320F104519E248D71B2DB79AC40B724
                          Function 0102365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • GetClassNameW.USER32(?,?,00000100), ref: 0102369C
                          • _wcslen.LIBCMT ref: 010236A7
                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 01023797
                          • GetClassNameW.USER32(?,?,00000400), ref: 0102380C
                          • GetDlgCtrlID.USER32(?), ref: 0102385D
                          • GetWindowRect.USER32(?,?), ref: 01023882
                          • GetParent.USER32(?), ref: 010238A0
                          • ScreenToClient.USER32(00000000), ref: 010238A7
                          • GetClassNameW.USER32(?,?,00000100), ref: 01023921
                          • GetWindowTextW.USER32(?,?,00000400), ref: 0102395D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                          • String ID: %s%u
                          • API String ID: 4010501982-679674701
                          • Opcode ID: 549a7e2af6be28e3d60541bcd269c754679dd638e80658d298985cc891e1e990
                          • Instruction ID: f04cb1c835e5a123f15fbc653c471f54f00fc338d8770e09be0f751137380c82
                          • Opcode Fuzzy Hash: 549a7e2af6be28e3d60541bcd269c754679dd638e80658d298985cc891e1e990
                          • Instruction Fuzzy Hash: 5591D371204316AFE719DE28C884FAAF7E9FF49344F008519FAD9DA180DB38E545CBA1
                          Function 01024954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON
                          Download Yara Rule
                          APIs
                          • GetClassNameW.USER32(?,?,00000400), ref: 01024994
                          • GetWindowTextW.USER32(?,?,00000400), ref: 010249DA
                          • _wcslen.LIBCMT ref: 010249EB
                          • CharUpperBuffW.USER32(?,00000000), ref: 010249F7
                          • _wcsstr.LIBVCRUNTIME ref: 01024A2C
                          • GetClassNameW.USER32(00000018,?,00000400), ref: 01024A64
                          • GetWindowTextW.USER32(?,?,00000400), ref: 01024A9D
                          • GetClassNameW.USER32(00000018,?,00000400), ref: 01024AE6
                          • GetClassNameW.USER32(?,?,00000400), ref: 01024B20
                          • GetWindowRect.USER32(?,?), ref: 01024B8B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                          • String ID: ThumbnailClass
                          • API String ID: 1311036022-1241985126
                          • Opcode ID: 415a02b0e6b966f3e4c4fca31f6f09ea99aeb78e4baf5b74736d123e4424dfb5
                          • Instruction ID: a9c8739b65da1caf8f69650002a3276102565b0379487eaee5a99d058541b12a
                          • Opcode Fuzzy Hash: 415a02b0e6b966f3e4c4fca31f6f09ea99aeb78e4baf5b74736d123e4424dfb5
                          • Instruction Fuzzy Hash: DA91CF311043269FEB15DF18C985FAA7BE8FF84314F0484A9EEC5DA086DB34E945CBA1
                          Function 0102BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemInfoW.USER32(01091990,000000FF,00000000,00000030), ref: 0102BFAC
                          • SetMenuItemInfoW.USER32(01091990,00000004,00000000,00000030), ref: 0102BFE1
                          • Sleep.KERNEL32(000001F4), ref: 0102BFF3
                          • GetMenuItemCount.USER32(?), ref: 0102C039
                          • GetMenuItemID.USER32(?,00000000), ref: 0102C056
                          • GetMenuItemID.USER32(?,-00000001), ref: 0102C082
                          • GetMenuItemID.USER32(?,?), ref: 0102C0C9
                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0102C10F
                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0102C124
                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0102C145
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                          • String ID: 0
                          • API String ID: 1460738036-4108050209
                          • Opcode ID: cbf29196f5765641d1b1365f9c931d5c3d813a7531203936a566f2789d613859
                          • Instruction ID: eeffa7f55da7f0aeac87b5a553c27f4a9b75233f0f55a82e10effd8b8a93c42d
                          • Opcode Fuzzy Hash: cbf29196f5765641d1b1365f9c931d5c3d813a7531203936a566f2789d613859
                          • Instruction Fuzzy Hash: B1617270900366AFFF25CF58CA89AEE7FB8EF46344F144155F991A3281C739A944CB60
                          Function 0104CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
                          Download Yara Rule
                          APIs
                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0104CC64
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0104CC8D
                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0104CD48
                            • Part of subcall function 0104CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0104CCAA
                            • Part of subcall function 0104CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0104CCBD
                            • Part of subcall function 0104CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0104CCCF
                            • Part of subcall function 0104CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0104CD05
                            • Part of subcall function 0104CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0104CD28
                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0104CCF3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                          • String ID: RegDeleteKeyExW$advapi32.dll
                          • API String ID: 2734957052-4033151799
                          • Opcode ID: 9470f3e7b70642ccab4c70a4eefa359033d736cc3827021c0d2e3a7e669e0fb9
                          • Instruction ID: d70d66178d4370d11565521447afd4da8bc7631945d02a0538596e4bb4f68a71
                          • Opcode Fuzzy Hash: 9470f3e7b70642ccab4c70a4eefa359033d736cc3827021c0d2e3a7e669e0fb9
                          • Instruction Fuzzy Hash: E23170B1902219BBE7219B55DEC8EFFBBBCEF06650F000165F981E2104DA349A45DBA4
                          Function 01033D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 01033D40
                          • _wcslen.LIBCMT ref: 01033D6D
                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 01033D9D
                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 01033DBE
                          • RemoveDirectoryW.KERNEL32(?), ref: 01033DCE
                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 01033E55
                          • CloseHandle.KERNEL32(00000000), ref: 01033E60
                          • CloseHandle.KERNEL32(00000000), ref: 01033E6B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                          • String ID: :$\$\??\%s
                          • API String ID: 1149970189-3457252023
                          • Opcode ID: 86711502de403e5351f2bb550074e2ee27df764628bd61594cfa5f2305068d3a
                          • Instruction ID: e51e08adb5e48bea57eca0a913d0d69b6654cc5a1135609973e300aa1b1a0420
                          • Opcode Fuzzy Hash: 86711502de403e5351f2bb550074e2ee27df764628bd61594cfa5f2305068d3a
                          • Instruction Fuzzy Hash: 7731C471900209ABEB21AFA4DC89FEF37BDFF88740F1040B6F649D6155EB7492848B24
                          Function 0102E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • timeGetTime.WINMM ref: 0102E6B4
                            • Part of subcall function 00FDE551: timeGetTime.WINMM(?,?,0102E6D4), ref: 00FDE555
                          • Sleep.KERNEL32(0000000A), ref: 0102E6E1
                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0102E705
                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0102E727
                          • SetActiveWindow.USER32 ref: 0102E746
                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0102E754
                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0102E773
                          • Sleep.KERNEL32(000000FA), ref: 0102E77E
                          • IsWindow.USER32 ref: 0102E78A
                          • EndDialog.USER32(00000000), ref: 0102E79B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                          • String ID: BUTTON
                          • API String ID: 1194449130-3405671355
                          • Opcode ID: 9d4e02a73a708b4a61b158cc85950137f5fa99d00c911261b89d7e78d28663cc
                          • Instruction ID: d6571726963978869342d59d3dda989e746c4162cf3a38f111d53dc79ad34332
                          • Opcode Fuzzy Hash: 9d4e02a73a708b4a61b158cc85950137f5fa99d00c911261b89d7e78d28663cc
                          • Instruction Fuzzy Hash: 0021A170248315BFFB315F64ED98A2A3BADF74D348B144425F5C281649DB7BAC108B64
                          Function 0102E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0102EA5D
                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0102EA73
                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0102EA84
                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0102EA96
                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0102EAA7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: SendString$_wcslen
                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                          • API String ID: 2420728520-1007645807
                          • Opcode ID: 8e5376aeba2ca477589517177f46567dd008a95312eac14711dcaa38388e7f9e
                          • Instruction ID: e04b0ee61003233abb3f7b24d09630a42612e7b1eb6dd09245dc9951f44e6f26
                          • Opcode Fuzzy Hash: 8e5376aeba2ca477589517177f46567dd008a95312eac14711dcaa38388e7f9e
                          • Instruction Fuzzy Hash: C111A331A9426A79E720B7A6DD4AEFF7ABCEBD1B00F40046DB4C1A60D1EEA11905C5B0
                          Function 01029F91 Relevance: 18.2, APIs: 12, Instructions: 188keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • GetKeyboardState.USER32(?), ref: 0102A012
                          • SetKeyboardState.USER32(?), ref: 0102A07D
                          • GetAsyncKeyState.USER32(000000A0), ref: 0102A09D
                          • GetKeyState.USER32(000000A0), ref: 0102A0B4
                          • GetAsyncKeyState.USER32(000000A1), ref: 0102A0E3
                          • GetKeyState.USER32(000000A1), ref: 0102A0F4
                          • GetAsyncKeyState.USER32(00000011), ref: 0102A120
                          • GetKeyState.USER32(00000011), ref: 0102A12E
                          • GetAsyncKeyState.USER32(00000012), ref: 0102A157
                          • GetKeyState.USER32(00000012), ref: 0102A165
                          • GetAsyncKeyState.USER32(0000005B), ref: 0102A18E
                          • GetKeyState.USER32(0000005B), ref: 0102A19C
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: State$Async$Keyboard
                          • String ID:
                          • API String ID: 541375521-0
                          • Opcode ID: 99b40e338a74af86013de9780664d49159dddeb26aa430522454a5d979076a0e
                          • Instruction ID: 48dd6d7bd2e032e7cc91d601c9223b8b5028e1e7d68e3838e3fc1219a3b0a850
                          • Opcode Fuzzy Hash: 99b40e338a74af86013de9780664d49159dddeb26aa430522454a5d979076a0e
                          • Instruction Fuzzy Hash: 8E510830A047A969FBB5DBA48410BEBBFF49F02384F0885D9D6C2575C3DE54A64CCB61
                          Function 01025CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
                          Download Yara Rule
                          APIs
                          • GetDlgItem.USER32(?,00000001), ref: 01025CE2
                          • GetWindowRect.USER32(00000000,?), ref: 01025CFB
                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 01025D59
                          • GetDlgItem.USER32(?,00000002), ref: 01025D69
                          • GetWindowRect.USER32(00000000,?), ref: 01025D7B
                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 01025DCF
                          • GetDlgItem.USER32(?,000003E9), ref: 01025DDD
                          • GetWindowRect.USER32(00000000,?), ref: 01025DEF
                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 01025E31
                          • GetDlgItem.USER32(?,000003EA), ref: 01025E44
                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 01025E5A
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 01025E67
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ItemMoveRect$Invalidate
                          • String ID:
                          • API String ID: 3096461208-0
                          • Opcode ID: 6faf1a6117d570b4e4603b9aa32ebc74046d672754c1d00a0fcc436e33f7fcbd
                          • Instruction ID: 152d405f33e426f05fb9bf38c35204dd6286ee1bc850d98a1e56467df85a8817
                          • Opcode Fuzzy Hash: 6faf1a6117d570b4e4603b9aa32ebc74046d672754c1d00a0fcc436e33f7fcbd
                          • Instruction Fuzzy Hash: 6F511E71A00319AFDF18DF68DD89AAE7BF9FB48300F108169F555E6294D774AE00CB60
                          Function 00FD8BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FD8BE8,?,00000000,?,?,?,?,00FD8BBA,00000000,?), ref: 00FD8FC5
                          • DestroyWindow.USER32(?), ref: 00FD8C81
                          • KillTimer.USER32(00000000,?,?,?,?,00FD8BBA,00000000,?), ref: 00FD8D1B
                          • DestroyAcceleratorTable.USER32(00000000), ref: 01016973
                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00FD8BBA,00000000,?), ref: 010169A1
                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00FD8BBA,00000000,?), ref: 010169B8
                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00FD8BBA,00000000), ref: 010169D4
                          • DeleteObject.GDI32(00000000), ref: 010169E6
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                          • String ID:
                          • API String ID: 641708696-0
                          • Opcode ID: b04d44c8731998eab72e8e84516732f01e919235581339a806174416fffe5eeb
                          • Instruction ID: 30e9dc07e8e627d2688db4b622be3dc4e554fd3125bef301a950b42bc8c33556
                          • Opcode Fuzzy Hash: b04d44c8731998eab72e8e84516732f01e919235581339a806174416fffe5eeb
                          • Instruction Fuzzy Hash: ED61C331511701DFDB369F18DA4872A77F6FB40362F18455EE0C28B698CB7AA882EF50
                          Function 00FD9838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9944: GetWindowLongW.USER32(?,000000EB), ref: 00FD9952
                          • GetSysColor.USER32(0000000F), ref: 00FD9862
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ColorLongWindow
                          • String ID:
                          • API String ID: 259745315-0
                          • Opcode ID: 88f5cb535a0d9298f08fff5202eae91266199ff862cccb519f149edba08aa251
                          • Instruction ID: 2aa66d14a289d063eb1ba67b2a9a8cd055d27dcee763063b30a26a33fb7344c2
                          • Opcode Fuzzy Hash: 88f5cb535a0d9298f08fff5202eae91266199ff862cccb519f149edba08aa251
                          • Instruction Fuzzy Hash: 5641C331508740AFEF305F789884BBA3BAAAB06731F584646F9E2872D5C7B59841FB11
                          Function 010296E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0100F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 01029717
                          • LoadStringW.USER32(00000000,?,0100F7F8,00000001), ref: 01029720
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0100F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 01029742
                          • LoadStringW.USER32(00000000,?,0100F7F8,00000001), ref: 01029745
                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 01029866
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HandleLoadModuleString$Message_wcslen
                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                          • API String ID: 747408836-2268648507
                          • Opcode ID: 3ffa372f08081040bd7804bbf14dc1b069da316e974d45ad716ae412981e56cb
                          • Instruction ID: d0d856a784c6ff3ffb637b14b5e06494febdff46d47fffb4f78be28fada4c86d
                          • Opcode Fuzzy Hash: 3ffa372f08081040bd7804bbf14dc1b069da316e974d45ad716ae412981e56cb
                          • Instruction Fuzzy Hash: 1D417E7290422AAADB04FBE0DE47EEE7779AF14344F504029F24172091EF796F48DB61
                          Function 010206DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 010207A2
                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010207BE
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010207DA
                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 01020804
                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0102082C
                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01020837
                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0102083C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                          • API String ID: 323675364-22481851
                          • Opcode ID: 8123605bb68f659bc47b044cb37d4b705b91058f7bc3df1294c30f2f391e9bd9
                          • Instruction ID: 92d6a2426e48097662593d5c5038d8dd15865b5a0db6f358ea0d56342bb44fa4
                          • Opcode Fuzzy Hash: 8123605bb68f659bc47b044cb37d4b705b91058f7bc3df1294c30f2f391e9bd9
                          • Instruction Fuzzy Hash: 00413772C10229ABDF21EBA4DD86DEEB7B8FF04350B044169F981A3151EB759E04DBA0
                          Function 01053F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                          Download Yara Rule
                          APIs
                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0105403B
                          • CreateCompatibleDC.GDI32(00000000), ref: 01054042
                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 01054055
                          • SelectObject.GDI32(00000000,00000000), ref: 0105405D
                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 01054068
                          • DeleteDC.GDI32(00000000), ref: 01054072
                          • GetWindowLongW.USER32(?,000000EC), ref: 0105407C
                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 01054092
                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0105409E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                          • String ID: static
                          • API String ID: 2559357485-2160076837
                          • Opcode ID: b07eac17300b8d2ce20a73a3382a2afa1f426d3db3e0a0160f57451705dcecf2
                          • Instruction ID: d8e68cd59dc8e5821099e51a7b89c26d5c6fd02a47927798198c7b2b39b33501
                          • Opcode Fuzzy Hash: b07eac17300b8d2ce20a73a3382a2afa1f426d3db3e0a0160f57451705dcecf2
                          • Instruction Fuzzy Hash: 70315932100315ABEF629FA8CD48FDB3BA8EF0D324F100215FA99E6090D73AD850DB64
                          Function 01043C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
                          Download Yara Rule
                          APIs
                          • VariantInit.OLEAUT32(?), ref: 01043C5C
                          • CoInitialize.OLE32(00000000), ref: 01043C8A
                          • CoUninitialize.OLE32 ref: 01043C94
                          • _wcslen.LIBCMT ref: 01043D2D
                          • GetRunningObjectTable.OLE32(00000000,?), ref: 01043DB1
                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 01043ED5
                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 01043F0E
                          • CoGetObject.OLE32(?,00000000,0105FB98,?), ref: 01043F2D
                          • SetErrorMode.KERNEL32(00000000), ref: 01043F40
                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01043FC4
                          • VariantClear.OLEAUT32(?), ref: 01043FD8
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                          • String ID:
                          • API String ID: 429561992-0
                          • Opcode ID: d29067689e8e61e7ec108c0c3f31c7f1faf87ab2ef9adbe86f17fd21fe310d29
                          • Instruction ID: f31a65d9ff02bcd6794bb1a86086818772b40cd6851576adb90e5d41a4492093
                          • Opcode Fuzzy Hash: d29067689e8e61e7ec108c0c3f31c7f1faf87ab2ef9adbe86f17fd21fe310d29
                          • Instruction Fuzzy Hash: 64C143B1608316AFD710DF68C98492BBBE9FF89744F00496DF98A9B250DB31ED05CB52
                          Function 01037A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
                          Download Yara Rule
                          APIs
                          • CoInitialize.OLE32(00000000), ref: 01037AF3
                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 01037B8F
                          • SHGetDesktopFolder.SHELL32(?), ref: 01037BA3
                          • CoCreateInstance.OLE32(0105FD08,00000000,00000001,01086E6C,?), ref: 01037BEF
                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 01037C74
                          • CoTaskMemFree.OLE32(?,?), ref: 01037CCC
                          • SHBrowseForFolderW.SHELL32(?), ref: 01037D57
                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 01037D7A
                          • CoTaskMemFree.OLE32(00000000), ref: 01037D81
                          • CoTaskMemFree.OLE32(00000000), ref: 01037DD6
                          • CoUninitialize.OLE32 ref: 01037DDC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                          • String ID:
                          • API String ID: 2762341140-0
                          • Opcode ID: 4eb2cff4fc0129ff078bf05fe54f687f29f54694bf66329b4709d721028d0250
                          • Instruction ID: 0585d6f8629ffab73b71ea21b4011b4f3399c165381abb8405ef044db60345ef
                          • Opcode Fuzzy Hash: 4eb2cff4fc0129ff078bf05fe54f687f29f54694bf66329b4709d721028d0250
                          • Instruction Fuzzy Hash: C7C15B75A00209AFDB14DF64C988DAEBBF9FF48304B148498E955DB361DB35ED41CB90
                          Function 0105541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 01055504
                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01055515
                          • CharNextW.USER32(00000158), ref: 01055544
                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 01055585
                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0105559B
                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 010555AC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$CharNext
                          • String ID:
                          • API String ID: 1350042424-0
                          • Opcode ID: f15ae9baa229bc82e89d979833c312dcab570878dbbbd6c5b5ae304626bafea6
                          • Instruction ID: 4caaddc48938b08d9bb41b27b7040c4fff8d0932ab18e2641bc1d4b553a5bb73
                          • Opcode Fuzzy Hash: f15ae9baa229bc82e89d979833c312dcab570878dbbbd6c5b5ae304626bafea6
                          • Instruction Fuzzy Hash: B2616034A00209ABEFA19F54CC849FF7FB9FB0A724F004145FAA5AB290D7799641DF60
                          Function 0101FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON
                          Download Yara Rule
                          APIs
                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0101FAAF
                          • SafeArrayAllocData.OLEAUT32(?), ref: 0101FB08
                          • VariantInit.OLEAUT32(?), ref: 0101FB1A
                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0101FB3A
                          • VariantCopy.OLEAUT32(?,?), ref: 0101FB8D
                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 0101FBA1
                          • VariantClear.OLEAUT32(?), ref: 0101FBB6
                          • SafeArrayDestroyData.OLEAUT32(?), ref: 0101FBC3
                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0101FBCC
                          • VariantClear.OLEAUT32(?), ref: 0101FBDE
                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0101FBE9
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                          • String ID:
                          • API String ID: 2706829360-0
                          • Opcode ID: 31b1c4a3aa9bd10b4595466aa01117d514fb07db3dc2d297ea3eb4507bf31cdd
                          • Instruction ID: f33dd4b8a5946974266e18c8b704f3b5cfac0fe32dd8c7b44c6fb620ce0b2bad
                          • Opcode Fuzzy Hash: 31b1c4a3aa9bd10b4595466aa01117d514fb07db3dc2d297ea3eb4507bf31cdd
                          • Instruction Fuzzy Hash: 10417175A0031A9FDB10DF68C894DEEBFB9FF48344F008059E985A7255CB39A946CFA0
                          Function 01029C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • GetKeyboardState.USER32(?), ref: 01029CA1
                          • GetAsyncKeyState.USER32(000000A0), ref: 01029D22
                          • GetKeyState.USER32(000000A0), ref: 01029D3D
                          • GetAsyncKeyState.USER32(000000A1), ref: 01029D57
                          • GetKeyState.USER32(000000A1), ref: 01029D6C
                          • GetAsyncKeyState.USER32(00000011), ref: 01029D84
                          • GetKeyState.USER32(00000011), ref: 01029D96
                          • GetAsyncKeyState.USER32(00000012), ref: 01029DAE
                          • GetKeyState.USER32(00000012), ref: 01029DC0
                          • GetAsyncKeyState.USER32(0000005B), ref: 01029DD8
                          • GetKeyState.USER32(0000005B), ref: 01029DEA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: State$Async$Keyboard
                          • String ID:
                          • API String ID: 541375521-0
                          • Opcode ID: 2915a5143f28e70b1948031c03be679613acdbdc56a50ece31853407706ba95b
                          • Instruction ID: 26a567332e872774f4a7bf91b81aa6c8a958fa01838cd6f6ea70f0b7537fffce
                          • Opcode Fuzzy Hash: 2915a5143f28e70b1948031c03be679613acdbdc56a50ece31853407706ba95b
                          • Instruction Fuzzy Hash: 4C41D5345047F969FFB2966884043B6BEE06F0134CF0480DEDAC6575C3DBA595C8C7A2
                          Function 0104055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
                          Download Yara Rule
                          APIs
                          • WSAStartup.WSOCK32(00000101,?), ref: 010405BC
                          • inet_addr.WSOCK32(?), ref: 0104061C
                          • gethostbyname.WSOCK32(?), ref: 01040628
                          • IcmpCreateFile.IPHLPAPI ref: 01040636
                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 010406C6
                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 010406E5
                          • IcmpCloseHandle.IPHLPAPI(?), ref: 010407B9
                          • WSACleanup.WSOCK32 ref: 010407BF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                          • String ID: Ping
                          • API String ID: 1028309954-2246546115
                          • Opcode ID: f06891057b012f3836161828b08fad76105bee0a060980e90acc3eda33d091c2
                          • Instruction ID: 2ee0e32b7438322d7c5924cde3041e351450c91a41e1ad7db047c7b6cc484e62
                          • Opcode Fuzzy Hash: f06891057b012f3836161828b08fad76105bee0a060980e90acc3eda33d091c2
                          • Instruction Fuzzy Hash: 4291AF759043019FD320DF19C989F5ABBE0FF44318F0485A9F6AA9B6A6C735E845CF82
                          Function 01048CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$BuffCharLower
                          • String ID: cdecl$none$stdcall$winapi
                          • API String ID: 707087890-567219261
                          • Opcode ID: 0c0c81302d8562f924d17fe791070c11fc8997e02ed0fac51adbd006e719d79b
                          • Instruction ID: 94262c254dd44e50ca01705a2220f73d68e2a0edacffe26c5c1922a18bd2356a
                          • Opcode Fuzzy Hash: 0c0c81302d8562f924d17fe791070c11fc8997e02ed0fac51adbd006e719d79b
                          • Instruction Fuzzy Hash: 6851F3B1A000169BCB24EFADC9809BEB7E5BF54324B20867AE4A6E7285D734DD40C790
                          Function 0104372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
                          Download Yara Rule
                          APIs
                          • CoInitialize.OLE32 ref: 01043774
                          • CoUninitialize.OLE32 ref: 0104377F
                          • CoCreateInstance.OLE32(?,00000000,00000017,0105FB78,?), ref: 010437D9
                          • IIDFromString.OLE32(?,?), ref: 0104384C
                          • VariantInit.OLEAUT32(?), ref: 010438E4
                          • VariantClear.OLEAUT32(?), ref: 01043936
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                          • API String ID: 636576611-1287834457
                          • Opcode ID: dc0cf024e02d1424b52e0b43d157d1665b61f9d022fffb083ef5a5e6acc41fca
                          • Instruction ID: 22041246f30a22d67ca3cd9d22a66e830c723a5951a5e554ff4969a5d86f3afd
                          • Opcode Fuzzy Hash: dc0cf024e02d1424b52e0b43d157d1665b61f9d022fffb083ef5a5e6acc41fca
                          • Instruction Fuzzy Hash: D0616CB0608311AFE321DF54C989B6ABBE8FF49714F00086DF9C59B291C774E948CB92
                          Function 01033388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON
                          Download Yara Rule
                          APIs
                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 010333CF
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 010333F0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LoadString$_wcslen
                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                          • API String ID: 4099089115-3080491070
                          • Opcode ID: 4df17b82b60330386847a3a137bbd962ce7dd2177d564709b5d0263c17bfddc5
                          • Instruction ID: 5565e6e7e224be49b43ef58daa33b66f1af3617cd0335cffee2ae2a60ad6bf4c
                          • Opcode Fuzzy Hash: 4df17b82b60330386847a3a137bbd962ce7dd2177d564709b5d0263c17bfddc5
                          • Instruction Fuzzy Hash: 8551BE3190421BAADF15EBA0CE47EEEB7B9BF14340F108169F54576091EB3A2F58DB60
                          Function 0102B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$BuffCharUpper
                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                          • API String ID: 1256254125-769500911
                          • Opcode ID: eddc8079df35a4f65573129da4e551c06014d36cacaf2cf365a290b480076fe1
                          • Instruction ID: 9fc4f7925e3779ed4af598f984ee0832a66ed6f7d97ba778ebb8645af04a2c0a
                          • Opcode Fuzzy Hash: eddc8079df35a4f65573129da4e551c06014d36cacaf2cf365a290b480076fe1
                          • Instruction Fuzzy Hash: 81412832A000378BCB306F7DCC945BE7BE5BF64654B1441A9E4E2D7281F639C981C390
                          Function 01035393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON
                          Download Yara Rule
                          APIs
                          • SetErrorMode.KERNEL32(00000001), ref: 010353A0
                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 01035416
                          • GetLastError.KERNEL32 ref: 01035420
                          • SetErrorMode.KERNEL32(00000000,READY), ref: 010354A7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Error$Mode$DiskFreeLastSpace
                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                          • API String ID: 4194297153-14809454
                          • Opcode ID: be03311f28779749e681470ab5832616e8086f68ae357d4b8c83d3d47e095870
                          • Instruction ID: 48a6e9eba586b5d85854089bf24d31fec6088fbeca3d9e0d218ca3612a31a93a
                          • Opcode Fuzzy Hash: be03311f28779749e681470ab5832616e8086f68ae357d4b8c83d3d47e095870
                          • Instruction Fuzzy Hash: A431D335A002059FD715DF68C985FAA7BF8FF85309F048099E585CB2A2DB76DD42CB90
                          Function 01053C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
                          Download Yara Rule
                          APIs
                          • CreateMenu.USER32 ref: 01053C79
                          • SetMenu.USER32(?,00000000), ref: 01053C88
                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01053D10
                          • IsMenu.USER32(?), ref: 01053D24
                          • CreatePopupMenu.USER32 ref: 01053D2E
                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01053D5B
                          • DrawMenuBar.USER32 ref: 01053D63
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                          • String ID: 0$F
                          • API String ID: 161812096-3044882817
                          • Opcode ID: 47a6b2d5e9c34c4fcebc555a98073588d209fa25a8ec9b57f5dbb809fb9dc1d8
                          • Instruction ID: 04148d6fe2c16363409217409e7db863d892b44cec3c7b792229cf55a485de64
                          • Opcode Fuzzy Hash: 47a6b2d5e9c34c4fcebc555a98073588d209fa25a8ec9b57f5dbb809fb9dc1d8
                          • Instruction Fuzzy Hash: 7E415C75A01309AFEB64DF94E944B9A7BF9FF49354F040068EE869B350D735A910CB60
                          Function 01021EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 01021F64
                          • GetDlgCtrlID.USER32 ref: 01021F6F
                          • GetParent.USER32 ref: 01021F8B
                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 01021F8E
                          • GetDlgCtrlID.USER32(?), ref: 01021F97
                          • GetParent.USER32(?), ref: 01021FAB
                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 01021FAE
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 711023334-1403004172
                          • Opcode ID: 1d1e760794a1baa7861174b3e91a699eb0abbcea61ea867a256f27fe79c62432
                          • Instruction ID: 5d24f25f310ced39a65197146877f66f421599b62c1bc43841e2af3da15d1569
                          • Opcode Fuzzy Hash: 1d1e760794a1baa7861174b3e91a699eb0abbcea61ea867a256f27fe79c62432
                          • Instruction Fuzzy Hash: 2D21C270904228BBDF14AFA4CD85EEEBBB8EF19310F000159F9A167291CB795518DB70
                          Function 01021FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 01022043
                          • GetDlgCtrlID.USER32 ref: 0102204E
                          • GetParent.USER32 ref: 0102206A
                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0102206D
                          • GetDlgCtrlID.USER32(?), ref: 01022076
                          • GetParent.USER32(?), ref: 0102208A
                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 0102208D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 711023334-1403004172
                          • Opcode ID: 1689a49dae17cfe0a41bf7dd0f4065c3a631c553495322c69504265e0b0266eb
                          • Instruction ID: 781f48905ad5444b4773d9e201d680c6d42f80b03759ee0b3ed33c0bba8f35cc
                          • Opcode Fuzzy Hash: 1689a49dae17cfe0a41bf7dd0f4065c3a631c553495322c69504265e0b0266eb
                          • Instruction Fuzzy Hash: 0221CF71900228BBDF10AFA4CD89EEEBFB9EF19300F000459F991A7192CA7D5518DB60
                          Function 01053A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 01053A9D
                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 01053AA0
                          • GetWindowLongW.USER32(?,000000F0), ref: 01053AC7
                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01053AEA
                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 01053B62
                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 01053BAC
                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 01053BC7
                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 01053BE2
                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 01053BF6
                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 01053C13
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$LongWindow
                          • String ID:
                          • API String ID: 312131281-0
                          • Opcode ID: c1315efd01d67d187dd1626155eb5d4e423ad0221aba4eaff9d7f1f8f95b7e45
                          • Instruction ID: 3ef2263a9acbe68eb9d8ddf8d6e44f88fc32209227154796f8623ba1fd012a63
                          • Opcode Fuzzy Hash: c1315efd01d67d187dd1626155eb5d4e423ad0221aba4eaff9d7f1f8f95b7e45
                          • Instruction Fuzzy Hash: 3A617D75A00249AFEB21DF68CC81EEE77F8FB09710F100199FA55EB291D774A941DB50
                          Function 0102B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentThreadId.KERNEL32 ref: 0102B151
                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B165
                          • GetWindowThreadProcessId.USER32(00000000), ref: 0102B16C
                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B17B
                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 0102B18D
                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B1A6
                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B1B8
                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B1FD
                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B212
                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0102A1E1,?,00000001), ref: 0102B21D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                          • String ID:
                          • API String ID: 2156557900-0
                          • Opcode ID: aeaaa9867708ce28470e54b8da47532f259a0a1bc3a227c6c344c2930c0078c7
                          • Instruction ID: f84d306012f31faf402c357ace7f3b8cf80ed2afd664db6efed98c31cc15b807
                          • Opcode Fuzzy Hash: aeaaa9867708ce28470e54b8da47532f259a0a1bc3a227c6c344c2930c0078c7
                          • Instruction Fuzzy Hash: C431DB71110314BFEB259F28D868B7E7BEDFB86311F104005FA84DA185C7BAA940CF20
                          Function 00FF2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                          Download Yara Rule
                          APIs
                          • _free.LIBCMT ref: 00FF2C94
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • _free.LIBCMT ref: 00FF2CA0
                          • _free.LIBCMT ref: 00FF2CAB
                          • _free.LIBCMT ref: 00FF2CB6
                          • _free.LIBCMT ref: 00FF2CC1
                          • _free.LIBCMT ref: 00FF2CCC
                          • _free.LIBCMT ref: 00FF2CD7
                          • _free.LIBCMT ref: 00FF2CE2
                          • _free.LIBCMT ref: 00FF2CED
                          • _free.LIBCMT ref: 00FF2CFB
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: 19b1341ee5d380043d2940f5b5c260b134748e32f740a98fb95b9dd47378e0f4
                          • Instruction ID: c11759ee45280e5e052465ff94ef05542455bbcebb6c2302b63b8f459a96020c
                          • Opcode Fuzzy Hash: 19b1341ee5d380043d2940f5b5c260b134748e32f740a98fb95b9dd47378e0f4
                          • Instruction Fuzzy Hash: DA11947654010DAFCB52EF58DC82CED3BB5BF05350F414495FA485B232D675EA50BB90
                          Function 01037DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01037FAD
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01037FC1
                          • GetFileAttributesW.KERNEL32(?), ref: 01037FEB
                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 01038005
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01038017
                          • SetCurrentDirectoryW.KERNEL32(?), ref: 01038060
                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 010380B0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CurrentDirectory$AttributesFile
                          • String ID: *.*
                          • API String ID: 769691225-438819550
                          • Opcode ID: 7782e9c6ea9f09919c9d5652bbc570df94bb92c7ea881982eb9053917055e682
                          • Instruction ID: 774cfb945afbeb9c08ce29ca94f7de0805d82a5f62e389e237269fbd9b8dcc67
                          • Opcode Fuzzy Hash: 7782e9c6ea9f09919c9d5652bbc570df94bb92c7ea881982eb9053917055e682
                          • Instruction Fuzzy Hash: AF819EB25043419BDB64EF18C884AAEB7ECBBC8310F14885EF9C5D7251E735D9458BA2
                          Function 00FC5BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
                          Download Yara Rule
                          APIs
                          • SetWindowLongW.USER32(?,000000EB), ref: 00FC5C7A
                            • Part of subcall function 00FC5D0A: GetClientRect.USER32(?,?), ref: 00FC5D30
                            • Part of subcall function 00FC5D0A: GetWindowRect.USER32(?,?), ref: 00FC5D71
                            • Part of subcall function 00FC5D0A: ScreenToClient.USER32(?,?), ref: 00FC5D99
                          • GetDC.USER32 ref: 010046F5
                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 01004708
                          • SelectObject.GDI32(00000000,00000000), ref: 01004716
                          • SelectObject.GDI32(00000000,00000000), ref: 0100472B
                          • ReleaseDC.USER32(?,00000000), ref: 01004733
                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 010047C4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                          • String ID: U
                          • API String ID: 4009187628-3372436214
                          • Opcode ID: 3f235b8d1ae84e7bfb76770ce67b26c12644e073720c0e0bd57cd14d8d87f1d3
                          • Instruction ID: f7b82be1c8d0baea46e4b1d235d77a4be5f6376b5aea324bcc95dbbd71f7d638
                          • Opcode Fuzzy Hash: 3f235b8d1ae84e7bfb76770ce67b26c12644e073720c0e0bd57cd14d8d87f1d3
                          • Instruction Fuzzy Hash: 4B71F331500206DFEF22CF68CA85EFA3BB5FF49360F1402A9EE959A196C3319881DF50
                          Function 0103359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON
                          Download Yara Rule
                          APIs
                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 010335E4
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • LoadStringW.USER32(01092390,?,00000FFF,?), ref: 0103360A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LoadString$_wcslen
                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                          • API String ID: 4099089115-2391861430
                          • Opcode ID: 0e6faf2606d1243ef1f4454aae77e6d58f404298c078e62abb5f885a8d2f5317
                          • Instruction ID: 6d85711dc951cd5b38fd62c8ff3765965d9f15136e774fb8bc3af3769a6bbf56
                          • Opcode Fuzzy Hash: 0e6faf2606d1243ef1f4454aae77e6d58f404298c078e62abb5f885a8d2f5317
                          • Instruction Fuzzy Hash: 5A51B031D0421BBADF15EBA0CD86EEEBB79BF14340F048129F14576191DB351A98EF60
                          Function 0103C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
                          Download Yara Rule
                          APIs
                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0103C272
                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0103C29A
                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0103C2CA
                          • GetLastError.KERNEL32 ref: 0103C322
                          • SetEvent.KERNEL32(?), ref: 0103C336
                          • InternetCloseHandle.WININET(00000000), ref: 0103C341
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                          • String ID:
                          • API String ID: 3113390036-3916222277
                          • Opcode ID: 1b0e70776f08aa077303c57a24a367bdc5451ad2e60db9ac715331a1da40e547
                          • Instruction ID: 48811ce6ca4e22ef835c42542d3977be037ffddce4915a8f7fe0ccbfa99a557c
                          • Opcode Fuzzy Hash: 1b0e70776f08aa077303c57a24a367bdc5451ad2e60db9ac715331a1da40e547
                          • Instruction Fuzzy Hash: 1F318271600308AFF7319F65CA84AAF7BFCEB89644B04851EF4C6E3200DB35DA058B61
                          Function 0102989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,01003AAF,?,?,Bad directive syntax error,0105CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 010298BC
                          • LoadStringW.USER32(00000000,?,01003AAF,?), ref: 010298C3
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 01029987
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HandleLoadMessageModuleString_wcslen
                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                          • API String ID: 858772685-4153970271
                          • Opcode ID: 25206b2f5672494f889329f96be01fbb59dd700bdacf85c1714736d02d23898d
                          • Instruction ID: 25f2a527efb01c5154c6763193a25110809c81239e310b1d0403bc8730685b40
                          • Opcode Fuzzy Hash: 25206b2f5672494f889329f96be01fbb59dd700bdacf85c1714736d02d23898d
                          • Instruction Fuzzy Hash: AB217C3190422BABDF11AF90CD0AEEE7779BF18304F04446AF55566092EB769618DB10
                          Function 0102209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetParent.USER32 ref: 010220AB
                          • GetClassNameW.USER32(00000000,?,00000100), ref: 010220C0
                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0102214D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassMessageNameParentSend
                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                          • API String ID: 1290815626-3381328864
                          • Opcode ID: 2f45e85075fc0931fbeff21bf132dc53e357297958735a3f261d7e58e69432c6
                          • Instruction ID: 6ca7ee579840d137d27b49355c0c767cc06e992f3138d99a69aafc2adfac9f93
                          • Opcode Fuzzy Hash: 2f45e85075fc0931fbeff21bf132dc53e357297958735a3f261d7e58e69432c6
                          • Instruction Fuzzy Hash: B3110A7E688316B9F71135A5DC06DEB37DCDF24724B20016AFBC4A9092FE6968116A18
                          Function 00FF8D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 14597e59a0fd2d33f3a43a76b6f0b91e6c1b4472684cd821a9139090ada769d0
                          • Instruction ID: 17ac4573dbd4a8b49f2a0bf3f7d1f83dcac98538d7c4c57fb1491463f07f1dd5
                          • Opcode Fuzzy Hash: 14597e59a0fd2d33f3a43a76b6f0b91e6c1b4472684cd821a9139090ada769d0
                          • Instruction Fuzzy Hash: DDC1F775D0824DAFDB11DFA8D841BBD7BB4BF09320F044099F654A73A2CB758941EB61
                          Function 00FFCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                          • String ID:
                          • API String ID: 1282221369-0
                          • Opcode ID: a2647b6f26e1cd0569072d3cb61d4d53564c42d212751d50a1c967c6bd45bf04
                          • Instruction ID: d022b358697606af2772dc40e3bbb1e0e133f3d9fb3531e622e3052d56a0bcee
                          • Opcode Fuzzy Hash: a2647b6f26e1cd0569072d3cb61d4d53564c42d212751d50a1c967c6bd45bf04
                          • Instruction Fuzzy Hash: 63614772D0522DABDB31AF74998167EBBA9AF01320F04416DFB41972E5D73A9900B7A0
                          Function 010550D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 01055186
                          • ShowWindow.USER32(?,00000000), ref: 010551C7
                          • ShowWindow.USER32(?,00000005,?,00000000), ref: 010551CD
                          • SetFocus.USER32(?,?,00000005,?,00000000), ref: 010551D1
                            • Part of subcall function 01056FBA: DeleteObject.GDI32(00000000), ref: 01056FE6
                          • GetWindowLongW.USER32(?,000000F0), ref: 0105520D
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0105521A
                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0105524D
                          • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 01055287
                          • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 01055296
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                          • String ID:
                          • API String ID: 3210457359-0
                          • Opcode ID: 35ee238ada85d401226ee792f47c78481adf355c66cb59f17d78926954905ec4
                          • Instruction ID: 95a0c269e7be0b72935979374433d34bfcbbdff57419f31d9c0baef01b17ac60
                          • Opcode Fuzzy Hash: 35ee238ada85d401226ee792f47c78481adf355c66cb59f17d78926954905ec4
                          • Instruction Fuzzy Hash: 3151C330A40209BEFFB09E68CC49BDA3FA5FB05360F044052FE95962D0D7B5A580DB45
                          Function 00FD8B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                          Download Yara Rule
                          APIs
                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 01016890
                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 010168A9
                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 010168B9
                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 010168D1
                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 010168F2
                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FD8874,00000000,00000000,00000000,000000FF,00000000), ref: 01016901
                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0101691E
                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FD8874,00000000,00000000,00000000,000000FF,00000000), ref: 0101692D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                          • String ID:
                          • API String ID: 1268354404-0
                          • Opcode ID: 8cab751b31283e2dede9dd8a2b1aeda8fd4124e02a749d4783ae7fb62a11aa4c
                          • Instruction ID: 11bbdc937d03782f80c8bd8da2e1c63b0bedca8f5597303306c375ce37feacc2
                          • Opcode Fuzzy Hash: 8cab751b31283e2dede9dd8a2b1aeda8fd4124e02a749d4783ae7fb62a11aa4c
                          • Instruction Fuzzy Hash: 1D51A170600305EFDB20CF28CC51FAA7BB6FB84360F14451AF99697290DBB5E951EB50
                          Function 0103C143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON
                          Download Yara Rule
                          APIs
                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0103C182
                          • GetLastError.KERNEL32 ref: 0103C195
                          • SetEvent.KERNEL32(?), ref: 0103C1A9
                            • Part of subcall function 0103C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0103C272
                            • Part of subcall function 0103C253: GetLastError.KERNEL32 ref: 0103C322
                            • Part of subcall function 0103C253: SetEvent.KERNEL32(?), ref: 0103C336
                            • Part of subcall function 0103C253: InternetCloseHandle.WININET(00000000), ref: 0103C341
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                          • String ID:
                          • API String ID: 337547030-0
                          • Opcode ID: f6e0352a39e5e653f57fc986bee02959773251396a39fdc923d6006373464bbc
                          • Instruction ID: 5b1f618e27d04c84c56b95cd071e34ed11bd72ae17014cad035ba66ca079f3cb
                          • Opcode Fuzzy Hash: f6e0352a39e5e653f57fc986bee02959773251396a39fdc923d6006373464bbc
                          • Instruction Fuzzy Hash: A7318C71200745AFFB219FA9DE44A6BBBFCFF99200B04441EF99AE6604D735E414DBA0
                          Function 010225A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 01023A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01023A57
                            • Part of subcall function 01023A3D: GetCurrentThreadId.KERNEL32 ref: 01023A5E
                            • Part of subcall function 01023A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010225B3), ref: 01023A65
                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 010225BD
                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 010225DB
                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 010225DF
                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 010225E9
                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 01022601
                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 01022605
                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 0102260F
                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 01022623
                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 01022627
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                          • String ID:
                          • API String ID: 2014098862-0
                          • Opcode ID: 97aae6be61dfcb4e7ebcb30617c04c8addf2205ede54d7e8f4610b8f359e7ea5
                          • Instruction ID: 323a42cda52609bb6bfb8179a5f4ec3677e86790daec4cedc132da0dc3fe99ef
                          • Opcode Fuzzy Hash: 97aae6be61dfcb4e7ebcb30617c04c8addf2205ede54d7e8f4610b8f359e7ea5
                          • Instruction Fuzzy Hash: 3501D831790320BBFB2066689C8AF5A3F9DDB4EB11F100011F398AE1C4C9F624448A69
                          Function 01021803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                          Download Yara Rule
                          APIs
                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,01021449,?,?,00000000), ref: 0102180C
                          • HeapAlloc.KERNEL32(00000000,?,01021449,?,?,00000000), ref: 01021813
                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01021449,?,?,00000000), ref: 01021828
                          • GetCurrentProcess.KERNEL32(?,00000000,?,01021449,?,?,00000000), ref: 01021830
                          • DuplicateHandle.KERNEL32(00000000,?,01021449,?,?,00000000), ref: 01021833
                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01021449,?,?,00000000), ref: 01021843
                          • GetCurrentProcess.KERNEL32(01021449,00000000,?,01021449,?,?,00000000), ref: 0102184B
                          • DuplicateHandle.KERNEL32(00000000,?,01021449,?,?,00000000), ref: 0102184E
                          • CreateThread.KERNEL32(00000000,00000000,01021874,00000000,00000000,00000000), ref: 01021868
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                          • String ID:
                          • API String ID: 1957940570-0
                          • Opcode ID: 9fce01b3726a50a5744a3818ab667b120d865c644b8f4f97b45900891fef21be
                          • Instruction ID: 8d364d6dd7cadcd09232f5efe679a8422e67878fb5012f47330c03beec6fb9f6
                          • Opcode Fuzzy Hash: 9fce01b3726a50a5744a3818ab667b120d865c644b8f4f97b45900891fef21be
                          • Instruction Fuzzy Hash: 4901BBB5640308BFF720ABB5DD4DF6B7BACEB8AB11F004411FA45DB195CA759840CB24
                          Function 0104A0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0102D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0102D501
                            • Part of subcall function 0102D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0102D50F
                            • Part of subcall function 0102D4DC: CloseHandle.KERNEL32(00000000), ref: 0102D5DC
                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0104A16D
                          • GetLastError.KERNEL32 ref: 0104A180
                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0104A1B3
                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 0104A268
                          • GetLastError.KERNEL32(00000000), ref: 0104A273
                          • CloseHandle.KERNEL32(00000000), ref: 0104A2C4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                          • String ID: SeDebugPrivilege
                          • API String ID: 2533919879-2896544425
                          • Opcode ID: 2ad0385e4334a39e509b5edc3c56f833a621ccc0db0fb6e4707b50a71034dcc2
                          • Instruction ID: 48fca4bb565c42aa1d6958c5d9d20eb1204a153d9f87e090f53971d5292d605e
                          • Opcode Fuzzy Hash: 2ad0385e4334a39e509b5edc3c56f833a621ccc0db0fb6e4707b50a71034dcc2
                          • Instruction Fuzzy Hash: 2461CE70248242EFE720DF18C5D4F1ABBE5AF44318F18849CE4A68B7A3C776E945CB91
                          Function 01053886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 01053925
                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0105393A
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 01053954
                          • _wcslen.LIBCMT ref: 01053999
                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 010539C6
                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 010539F4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$Window_wcslen
                          • String ID: SysListView32
                          • API String ID: 2147712094-78025650
                          • Opcode ID: 71fc773a26352faeb3fcc048507b5997d094a1ea9e4af97972b031220567ed4c
                          • Instruction ID: 9c35a0fbef4de49a094d20ac5a6706439e454b1f04fff4cb1dcb348baf026cb2
                          • Opcode Fuzzy Hash: 71fc773a26352faeb3fcc048507b5997d094a1ea9e4af97972b031220567ed4c
                          • Instruction Fuzzy Hash: AD419571A00319ABEF619F64CC45BEF7BA9FF08390F10056AF994EB281D7759980CB90
                          Function 0102BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0102BCFD
                          • IsMenu.USER32(00000000), ref: 0102BD1D
                          • CreatePopupMenu.USER32 ref: 0102BD53
                          • GetMenuItemCount.USER32(01115CC0), ref: 0102BDA4
                          • InsertMenuItemW.USER32(01115CC0,?,00000001,00000030), ref: 0102BDCC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                          • String ID: 0$2
                          • API String ID: 93392585-3793063076
                          • Opcode ID: 032592f6ff76553866af90eb4fad8fa0ab55d6e04dd31c2a8bc6dc87a4dcd636
                          • Instruction ID: 8a8e04986d0e455715629c8a09ae17dc54ae20e3e4063c45577023371c7aadde
                          • Opcode Fuzzy Hash: 032592f6ff76553866af90eb4fad8fa0ab55d6e04dd31c2a8bc6dc87a4dcd636
                          • Instruction Fuzzy Hash: 1651D1706003299BEF21EFACC984BEEBFF8BF45314F14419AE5919B291E7709941CB52
                          Function 0102C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                          Download Yara Rule
                          APIs
                          • LoadIconW.USER32(00000000,00007F03), ref: 0102C913
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: IconLoad
                          • String ID: blank$info$question$stop$warning
                          • API String ID: 2457776203-404129466
                          • Opcode ID: 58d7b6b527a57cb2820812f42a9d7e009c096e21f1796b6daf798ee0dafa91bd
                          • Instruction ID: 8e1a89db48e3a874dcec79b44020ab7de005fc20e6c5a6c198def6c1ab4f2d2d
                          • Opcode Fuzzy Hash: 58d7b6b527a57cb2820812f42a9d7e009c096e21f1796b6daf798ee0dafa91bd
                          • Instruction Fuzzy Hash: D7113D31789357BAF7016B599D83CAE37DCDF05730B10007EF584AA182E7F96E0062A8
                          Function 0102DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                          • String ID: 0.0.0.0
                          • API String ID: 642191829-3771769585
                          • Opcode ID: 339affa41d25d86f4aafdde9f0f6a05bdf48d663ddff5e0ef02fcff873e83e22
                          • Instruction ID: 784317da60bfddd55f350039bebe27480662c81083677083a66d722db74c1b70
                          • Opcode Fuzzy Hash: 339affa41d25d86f4aafdde9f0f6a05bdf48d663ddff5e0ef02fcff873e83e22
                          • Instruction Fuzzy Hash: 2311E771904319ABEB30BB659C09DEF77ACDF14710F0401A9F5C5A6041EF799A819760
                          Function 01059F86 Relevance: 12.3, APIs: 8, Instructions: 260windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • GetSystemMetrics.USER32(0000000F), ref: 01059FC7
                          • GetSystemMetrics.USER32(0000000F), ref: 01059FE7
                          • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0105A224
                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0105A242
                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0105A263
                          • ShowWindow.USER32(00000003,00000000), ref: 0105A282
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0105A2A7
                          • DefDlgProcW.USER32(?,00000005,?,?), ref: 0105A2CA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                          • String ID:
                          • API String ID: 1211466189-0
                          • Opcode ID: e5914ea7ddebbd0e20383ea0e8c5e24bcea0f09f28b16ea164d33d604fe02c5c
                          • Instruction ID: b4722747d52ee339bc6092f67254f661c3f6b849ae62d2550f86313c52691653
                          • Opcode Fuzzy Hash: e5914ea7ddebbd0e20383ea0e8c5e24bcea0f09f28b16ea164d33d604fe02c5c
                          • Instruction Fuzzy Hash: 53B17C31600219DBEF94CF6CC9857AE7BF2FF48751F0881A9ED859B289D735A940CB60
                          Function 0102ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$LocalTime
                          • String ID:
                          • API String ID: 952045576-0
                          • Opcode ID: 5aef371500f81fcf66b88923c6fd3ac6a14b5f58c926128b6ffd89562d613e15
                          • Instruction ID: cd3b670ec017e3d2cd4ee77eebb44f4918bc2dd9bb0627f3a128e369998b659b
                          • Opcode Fuzzy Hash: 5aef371500f81fcf66b88923c6fd3ac6a14b5f58c926128b6ffd89562d613e15
                          • Instruction Fuzzy Hash: 9E41C365C1026875CB11EBF5CC8A9CFB7A8AF45310F408466E618F3122FB38E245D3E6
                          Function 00FDF8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
                          Download Yara Rule
                          APIs
                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0101682C,00000004,00000000,00000000), ref: 00FDF953
                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0101682C,00000004,00000000,00000000), ref: 0101F3D1
                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0101682C,00000004,00000000,00000000), ref: 0101F454
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ShowWindow
                          • String ID:
                          • API String ID: 1268545403-0
                          • Opcode ID: 10be42dfbc0d2bff610dadd5dedad31f141ac1cda44bb2c626e9d162c2f6f0c5
                          • Instruction ID: be2267c059f3dfc12497d53c7fd7bd2b09b13c9145793260495ae6dad4473b3b
                          • Opcode Fuzzy Hash: 10be42dfbc0d2bff610dadd5dedad31f141ac1cda44bb2c626e9d162c2f6f0c5
                          • Instruction Fuzzy Hash: BA412F31E08781BBD7358B2DCDA8F2A7B97BB45324F0C402EE1C756758C67A9488E712
                          Function 01052D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                          Download Yara Rule
                          APIs
                          • DeleteObject.GDI32(00000000), ref: 01052D1B
                          • GetDC.USER32(00000000), ref: 01052D23
                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01052D2E
                          • ReleaseDC.USER32(00000000,00000000), ref: 01052D3A
                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01052D76
                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01052D87
                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01055A65,?,?,000000FF,00000000,?,000000FF,?), ref: 01052DC2
                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 01052DE1
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                          • String ID:
                          • API String ID: 3864802216-0
                          • Opcode ID: d2f58566900b3763015d9747563e1baaeaf283b1c86878ffd2d122e00c44211f
                          • Instruction ID: a0fd4a8ae3251f9bf3310243cd61408583d61002e8e5f086aecf790648640c4a
                          • Opcode Fuzzy Hash: d2f58566900b3763015d9747563e1baaeaf283b1c86878ffd2d122e00c44211f
                          • Instruction Fuzzy Hash: 79316B72201314BBFB618F548D89FEB3FADEF09715F044055FE889A285C67A9850CBB4
                          Function 01025622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _memcmp
                          • String ID:
                          • API String ID: 2931989736-0
                          • Opcode ID: 7178dc44c79759bf173765fcf89abaf8a0b8a45c863a877237b883b16514a8b6
                          • Instruction ID: 1b1812e248ba600f2f477009d07f8e785921e87ce475585c71f00493e155dea5
                          • Opcode Fuzzy Hash: 7178dc44c79759bf173765fcf89abaf8a0b8a45c863a877237b883b16514a8b6
                          • Instruction Fuzzy Hash: 1621C271A4126ABBA26496276E86FFB339CBE14384F040024FE849B641F738ED1081A9
                          Function 01044FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: NULL Pointer assignment$Not an Object type
                          • API String ID: 0-572801152
                          • Opcode ID: 031fbacd2f3e09278f7d61916f76887f1cff481db0d85fc67dc0fb0000423421
                          • Instruction ID: 80b2b611d0bab77dd71aae9f789d97faea32cc175846759567541ce28bca34ae
                          • Opcode Fuzzy Hash: 031fbacd2f3e09278f7d61916f76887f1cff481db0d85fc67dc0fb0000423421
                          • Instruction Fuzzy Hash: D4D171B5A0020AAFDF10DF98CCC0AAEBBF5BF48314F1484B9E955AB291E771D945CB50
                          Function 01001522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                          Download Yara Rule
                          APIs
                          • GetCPInfo.KERNEL32(?,?), ref: 010015CE
                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 01001651
                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 010016E4
                          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 010016FB
                            • Part of subcall function 00FF3820: RtlAllocateHeap.NTDLL(00000000,?,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6,?,00FC1129), ref: 00FF3852
                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 01001777
                          • __freea.LIBCMT ref: 010017A2
                          • __freea.LIBCMT ref: 010017AE
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                          • String ID:
                          • API String ID: 2829977744-0
                          • Opcode ID: 41fe0f0ead9c033af42afc9da49b04b04329d2b2242971a2bc5edf9aa1af2e99
                          • Instruction ID: 0ef39a0bcf21ac7225295c77445786635df3057151423361b051f47cbd068ea8
                          • Opcode Fuzzy Hash: 41fe0f0ead9c033af42afc9da49b04b04329d2b2242971a2bc5edf9aa1af2e99
                          • Instruction Fuzzy Hash: AB91C971E042169EFB228E78CC81AFE7BF5AF49310F184599E985EB1C0D736D940C7A0
                          Function 01044523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearInit
                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                          • API String ID: 2610073882-625585964
                          • Opcode ID: 15ea1e5664f69e827f69e4f84e990a4a52995401a4e63dc90291a2d1d5c624da
                          • Instruction ID: ac89dcf5554bd51aa06d12c8360e184950356fc9e0070afb1537bc29e4144514
                          • Opcode Fuzzy Hash: 15ea1e5664f69e827f69e4f84e990a4a52995401a4e63dc90291a2d1d5c624da
                          • Instruction Fuzzy Hash: 05916DB1A00219EBDF20CFA5C884FAEBBB8FF45714F108569E595EB281D7709945CFA0
                          Function 01031187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                          Download Yara Rule
                          APIs
                          • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0103125C
                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01031284
                          • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 010312A8
                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010312D8
                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0103135F
                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010313C4
                          • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 01031430
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                          • String ID:
                          • API String ID: 2550207440-0
                          • Opcode ID: fd5fd3c78a26f79b1a1f4543825638d8bb8915ebfa0d49f20a05b875c75a582c
                          • Instruction ID: a220e1a2110e169b4b91a5c9571df80a5c11404d249e8e258626f621a063c77d
                          • Opcode Fuzzy Hash: fd5fd3c78a26f79b1a1f4543825638d8bb8915ebfa0d49f20a05b875c75a582c
                          • Instruction Fuzzy Hash: B291C4719003099FEB00DF98C884BFE7BB9FF89315F144069E591E7291DB79A941CB90
                          Function 00FD948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ObjectSelect$BeginCreatePath
                          • String ID:
                          • API String ID: 3225163088-0
                          • Opcode ID: c056724ca39866bcccba324523fc0d162fa939d6fae4446f01f843c7d748db30
                          • Instruction ID: 21371f97ec9320ecff31838538254874637765d811a701f8beebfaff822e7fc8
                          • Opcode Fuzzy Hash: c056724ca39866bcccba324523fc0d162fa939d6fae4446f01f843c7d748db30
                          • Instruction Fuzzy Hash: 71915971D04209AFCB10CFE9CC84AEEBBB9FF49320F18845AE515B7255D379A941DB60
                          Function 01043947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON
                          Download Yara Rule
                          APIs
                          • VariantInit.OLEAUT32(?), ref: 0104396B
                          • CharUpperBuffW.USER32(?,?), ref: 01043A7A
                          • _wcslen.LIBCMT ref: 01043A8A
                          • VariantClear.OLEAUT32(?), ref: 01043C1F
                            • Part of subcall function 01030CDF: VariantInit.OLEAUT32(00000000), ref: 01030D1F
                            • Part of subcall function 01030CDF: VariantCopy.OLEAUT32(?,?), ref: 01030D28
                            • Part of subcall function 01030CDF: VariantClear.OLEAUT32(?), ref: 01030D34
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                          • API String ID: 4137639002-1221869570
                          • Opcode ID: fc60985956940e0bcaa4ab868d3b4a868ff52ad2fd9801146a0cddda1e7a8ff9
                          • Instruction ID: 9c43d12a0d923884d7b2271afc15dea901fae87ffb4308d34d92575152ff717c
                          • Opcode Fuzzy Hash: fc60985956940e0bcaa4ab868d3b4a868ff52ad2fd9801146a0cddda1e7a8ff9
                          • Instruction Fuzzy Hash: 3A9169B4A083059FC704EF28C58196ABBE5FF88314F04886DF98A9B351DB35ED05CB92
                          Function 01044BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0102000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?,?,0102035E), ref: 0102002B
                            • Part of subcall function 0102000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?), ref: 01020046
                            • Part of subcall function 0102000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?), ref: 01020054
                            • Part of subcall function 0102000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?), ref: 01020064
                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 01044C51
                          • _wcslen.LIBCMT ref: 01044D59
                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 01044DCF
                          • CoTaskMemFree.OLE32(?), ref: 01044DDA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                          • String ID: NULL Pointer assignment
                          • API String ID: 614568839-2785691316
                          • Opcode ID: 6aa9cd856bb0a04b7ed203fb862c3276e5b9c9dfd5105f9469e5718aa6f5a0ad
                          • Instruction ID: d77a575598807d5c8e1bf439c2cb7b95234b179cc1dd36e464274dbec64d597b
                          • Opcode Fuzzy Hash: 6aa9cd856bb0a04b7ed203fb862c3276e5b9c9dfd5105f9469e5718aa6f5a0ad
                          • Instruction Fuzzy Hash: 219116B1D0021DAFDF24DFA4CC91EEEBBB8BF08314F104169E955A7241DB749A448F60
                          Function 010520FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenu.USER32(?), ref: 01052183
                          • GetMenuItemCount.USER32(00000000), ref: 010521B5
                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 010521DD
                          • _wcslen.LIBCMT ref: 01052213
                          • GetMenuItemID.USER32(?,?), ref: 0105224D
                          • GetSubMenu.USER32(?,?), ref: 0105225B
                            • Part of subcall function 01023A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01023A57
                            • Part of subcall function 01023A3D: GetCurrentThreadId.KERNEL32 ref: 01023A5E
                            • Part of subcall function 01023A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010225B3), ref: 01023A65
                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010522E3
                            • Part of subcall function 0102E97B: Sleep.KERNEL32 ref: 0102E9F3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                          • String ID:
                          • API String ID: 4196846111-0
                          • Opcode ID: 56ad1e7ddc658e649523e0d3ff79f927559c7cdc9e8d650827cc1edc53b91bfa
                          • Instruction ID: 3ce57a922eca48220be17eb98896b0f7160ee81d54144a072f3bc6544d1c8876
                          • Opcode Fuzzy Hash: 56ad1e7ddc658e649523e0d3ff79f927559c7cdc9e8d650827cc1edc53b91bfa
                          • Instruction Fuzzy Hash: DF718079A00205EFCB50DF68C945AAFBBF5EF48350F148499E956EB341D738E941CB90
                          Function 01057E9E Relevance: 10.7, APIs: 7, Instructions: 193windowCOMMON
                          Download Yara Rule
                          APIs
                          • IsWindow.USER32(01115BF8), ref: 01057F37
                          • IsWindowEnabled.USER32(01115BF8), ref: 01057F43
                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0105801E
                          • SendMessageW.USER32(01115BF8,000000B0,?,?), ref: 01058051
                          • IsDlgButtonChecked.USER32(?,?), ref: 01058089
                          • GetWindowLongW.USER32(01115BF8,000000EC), ref: 010580AB
                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 010580C3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                          • String ID:
                          • API String ID: 4072528602-0
                          • Opcode ID: 05c1f238c15229d55b6313a8b724b69d2381bd51de946ba85167edbd709c8b7b
                          • Instruction ID: 146e43f2bc98a1b03c4d4bd81f416d98f30121885eae8e92ac7aca06f3659c0f
                          • Opcode Fuzzy Hash: 05c1f238c15229d55b6313a8b724b69d2381bd51de946ba85167edbd709c8b7b
                          • Instruction Fuzzy Hash: C3717E34604205AFEBA1DF58C894FEBBBF9EF09300F54449AEEC597251C732A940EB20
                          Function 0102AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetParent.USER32(?), ref: 0102AEF9
                          • GetKeyboardState.USER32(?), ref: 0102AF0E
                          • SetKeyboardState.USER32(?), ref: 0102AF6F
                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0102AF9D
                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0102AFBC
                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0102AFFD
                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0102B020
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessagePost$KeyboardState$Parent
                          • String ID:
                          • API String ID: 87235514-0
                          • Opcode ID: 234bfe5fe8380f45904b05cf7b9cf1daacd7ac0a9a3a03b52c4c79a23d813984
                          • Instruction ID: 024ebdc7c23a0201df5d682c4a3152b71a37ef41e6ee50693691bd13be7e2b30
                          • Opcode Fuzzy Hash: 234bfe5fe8380f45904b05cf7b9cf1daacd7ac0a9a3a03b52c4c79a23d813984
                          • Instruction Fuzzy Hash: A451D3A06047E57DFB7742788845BBABFE95B06304F0884C9F2E9568C3D69DA8C8D760
                          Function 0102ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetParent.USER32(00000000), ref: 0102AD19
                          • GetKeyboardState.USER32(?), ref: 0102AD2E
                          • SetKeyboardState.USER32(?), ref: 0102AD8F
                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0102ADBB
                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0102ADD8
                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0102AE17
                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0102AE38
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessagePost$KeyboardState$Parent
                          • String ID:
                          • API String ID: 87235514-0
                          • Opcode ID: 3b50296a5abc039d6caf14e26b238f5a0ae39bf989178220108fef8cbe7e17cd
                          • Instruction ID: f41307ece1156cc5ff96f970d84a89639e083c2dd257652de2495009d8a7cdf2
                          • Opcode Fuzzy Hash: 3b50296a5abc039d6caf14e26b238f5a0ae39bf989178220108fef8cbe7e17cd
                          • Instruction Fuzzy Hash: A351D6A16047F57EFB3792388C55BBABED85B46300F0884C8E2D657CC3DA94E889D760
                          Function 00FF542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetConsoleCP.KERNEL32(01003CD6,?,?,?,?,?,?,?,?,00FF5BA3,?,?,01003CD6,?,?), ref: 00FF5470
                          • __fassign.LIBCMT ref: 00FF54EB
                          • __fassign.LIBCMT ref: 00FF5506
                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,01003CD6,00000005,00000000,00000000), ref: 00FF552C
                          • WriteFile.KERNEL32(?,01003CD6,00000000,00FF5BA3,00000000,?,?,?,?,?,?,?,?,?,00FF5BA3,?), ref: 00FF554B
                          • WriteFile.KERNEL32(?,?,00000001,00FF5BA3,00000000,?,?,?,?,?,?,?,?,?,00FF5BA3,?), ref: 00FF5584
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                          • String ID:
                          • API String ID: 1324828854-0
                          • Opcode ID: 09ddde60377197e679aacacb425d96092c12fd97b5669ffeef4446c2eb6f451e
                          • Instruction ID: 6ebd66f48d67a48cf05a9370c2d360ead33936e95e0e457a541f10c9caa01604
                          • Opcode Fuzzy Hash: 09ddde60377197e679aacacb425d96092c12fd97b5669ffeef4446c2eb6f451e
                          • Instruction Fuzzy Hash: E551C3B1D007499FDB20CFA8D855AEEBBF9EF09710F18411AF655E72A1D7309A41CB60
                          Function 00FE2D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON
                          Download Yara Rule
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 00FE2D4B
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00FE2D53
                          • _ValidateLocalCookies.LIBCMT ref: 00FE2DE1
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00FE2E0C
                          • _ValidateLocalCookies.LIBCMT ref: 00FE2E61
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: 824f54a0b3170f3b42a29db578f8d99b4d210fb8f4b6e54c42a81283c284f03e
                          • Instruction ID: 980e30fc76dc22de51c3298eb83a282b1591a6cda5cb5228ba5faf4b810a682f
                          • Opcode Fuzzy Hash: 824f54a0b3170f3b42a29db578f8d99b4d210fb8f4b6e54c42a81283c284f03e
                          • Instruction Fuzzy Hash: EA41E735E00249ABCF20DF6ACC49A9EBBB9BF44324F148155F9146B392E775DA01DBD0
                          Function 010410B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0104304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0104307A
                            • Part of subcall function 0104304E: _wcslen.LIBCMT ref: 0104309B
                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01041112
                          • WSAGetLastError.WSOCK32 ref: 01041121
                          • WSAGetLastError.WSOCK32 ref: 010411C9
                          • closesocket.WSOCK32(00000000), ref: 010411F9
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                          • String ID:
                          • API String ID: 2675159561-0
                          • Opcode ID: 5d99a501d6d1642553feed984b07c6cb04daee13ccebcf4c58561ab330fe8906
                          • Instruction ID: 0d450863020bb97fdde7721dc001742491c7d01e04d4a5d26837939badffbec9
                          • Opcode Fuzzy Hash: 5d99a501d6d1642553feed984b07c6cb04daee13ccebcf4c58561ab330fe8906
                          • Instruction Fuzzy Hash: D741F675600204AFEB109F28C985BAABBE9FF45324F048069FC959B295C775BD81CBE0
                          Function 0102CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0102DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0102CF22,?), ref: 0102DDFD
                            • Part of subcall function 0102DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0102CF22,?), ref: 0102DE16
                          • lstrcmpiW.KERNEL32(?,?), ref: 0102CF45
                          • MoveFileW.KERNEL32(?,?), ref: 0102CF7F
                          • _wcslen.LIBCMT ref: 0102D005
                          • _wcslen.LIBCMT ref: 0102D01B
                          • SHFileOperationW.SHELL32(?), ref: 0102D061
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                          • String ID: \*.*
                          • API String ID: 3164238972-1173974218
                          • Opcode ID: 0f4f1206bf16d8418db907b39b581c6ea6ddc4b0968584d94d4a6c2f42e45f2e
                          • Instruction ID: 5688414898bbea0a180a10835d01b389cc37ef12d627df8130ab68b88075e96f
                          • Opcode Fuzzy Hash: 0f4f1206bf16d8418db907b39b581c6ea6ddc4b0968584d94d4a6c2f42e45f2e
                          • Instruction Fuzzy Hash: F34128719452295FEF52EBA4DA81EDE77F8AF18380F1000E6D589EB141EA35A644CB50
                          Function 01052DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 01052E1C
                          • GetWindowLongW.USER32(?,000000F0), ref: 01052E4F
                          • GetWindowLongW.USER32(?,000000F0), ref: 01052E84
                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 01052EB6
                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 01052EE0
                          • GetWindowLongW.USER32(?,000000F0), ref: 01052EF1
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01052F0B
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LongWindow$MessageSend
                          • String ID:
                          • API String ID: 2178440468-0
                          • Opcode ID: 8d86cc4ed8457abe852cf242d27827e809daf7e69f2db55d276c260069ea3fd3
                          • Instruction ID: 76bccba61c4628aa52693b5f63795d9ca253704de5b17014be7daeed66a17428
                          • Opcode Fuzzy Hash: 8d86cc4ed8457abe852cf242d27827e809daf7e69f2db55d276c260069ea3fd3
                          • Instruction Fuzzy Hash: EA31F830604251EFEBA2CF58DD84F6637E5FF59720F1501A4F9908B2A6C776B840EB51
                          Function 01027726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                          Download Yara Rule
                          APIs
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01027769
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0102778F
                          • SysAllocString.OLEAUT32(00000000), ref: 01027792
                          • SysAllocString.OLEAUT32(?), ref: 010277B0
                          • SysFreeString.OLEAUT32(?), ref: 010277B9
                          • StringFromGUID2.OLE32(?,?,00000028), ref: 010277DE
                          • SysAllocString.OLEAUT32(?), ref: 010277EC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                          • String ID:
                          • API String ID: 3761583154-0
                          • Opcode ID: fa14d5e3a52f6b429462286b50e88784493e7cbab30159df49788da5bcd3877e
                          • Instruction ID: 9a98645b1aa4ed39562b1fe76f06b239c37be4f77a92d1f539d45cce9428896f
                          • Opcode Fuzzy Hash: fa14d5e3a52f6b429462286b50e88784493e7cbab30159df49788da5bcd3877e
                          • Instruction Fuzzy Hash: 9621B076600329AFEF10DEACCC88CBB77ECFB092647048065FA45DB255DA74DC418B60
                          Function 010277FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                          Download Yara Rule
                          APIs
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01027842
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01027868
                          • SysAllocString.OLEAUT32(00000000), ref: 0102786B
                          • SysAllocString.OLEAUT32 ref: 0102788C
                          • SysFreeString.OLEAUT32 ref: 01027895
                          • StringFromGUID2.OLE32(?,?,00000028), ref: 010278AF
                          • SysAllocString.OLEAUT32(?), ref: 010278BD
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                          • String ID:
                          • API String ID: 3761583154-0
                          • Opcode ID: adafb4d7ec3865639d3db1008121faa0475c09330b5fe903acd4cb7eff5e8b2e
                          • Instruction ID: 5df3af677189a333bfa61c0ccc42861fee8c2374a75a5c9510912a625c709224
                          • Opcode Fuzzy Hash: adafb4d7ec3865639d3db1008121faa0475c09330b5fe903acd4cb7eff5e8b2e
                          • Instruction Fuzzy Hash: 2121A131604224AFEB159FACDC88DBB77ECEB093607008125F955CB295EAB4DC41CB74
                          Function 010305A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F6), ref: 010305C6
                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01030601
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateHandlePipe
                          • String ID: nul
                          • API String ID: 1424370930-2873401336
                          • Opcode ID: 76266996ae1ee7c50ba95b5db1e619693ab2887be42e0f044685e667052526f0
                          • Instruction ID: 308e2c9878d4942387fbd0b01c8f75959240a3a12335119d46d3e33c135bbb74
                          • Opcode Fuzzy Hash: 76266996ae1ee7c50ba95b5db1e619693ab2887be42e0f044685e667052526f0
                          • Instruction Fuzzy Hash: 62217F755013059BEB209F6DC804A9A7BECAFC9B24F200A59F9E1E72DCD7719550DB10
                          Function 010304D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(0000000C), ref: 010304F2
                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0103052E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateHandlePipe
                          • String ID: nul
                          • API String ID: 1424370930-2873401336
                          • Opcode ID: 622dabdefa120b6bb370741c0df7e5d4e1e7878291e2eb3a577aa7a2fda1355d
                          • Instruction ID: 51844d149b8d3e07aac192eb9b087ef19ae5774bc8025f7d220c60337446c2f9
                          • Opcode Fuzzy Hash: 622dabdefa120b6bb370741c0df7e5d4e1e7878291e2eb3a577aa7a2fda1355d
                          • Instruction Fuzzy Hash: F021AB70601305EBEB208F2DD804A9B7BECAF84760F204A58F9E1D62D8D7709540CB20
                          Function 010540AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FC604C
                            • Part of subcall function 00FC600E: GetStockObject.GDI32(00000011), ref: 00FC6060
                            • Part of subcall function 00FC600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FC606A
                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01054112
                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0105411F
                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0105412A
                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01054139
                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01054145
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$CreateObjectStockWindow
                          • String ID: Msctls_Progress32
                          • API String ID: 1025951953-3636473452
                          • Opcode ID: c5f55fce36b23097cf60c7d0452861bf73f645aca57f4137652a3d551ffcce35
                          • Instruction ID: 7ab4a15ccf73bfa0533fec486c28eb5def585b5dde7dc4132665620872b699a2
                          • Opcode Fuzzy Hash: c5f55fce36b23097cf60c7d0452861bf73f645aca57f4137652a3d551ffcce35
                          • Instruction Fuzzy Hash: 8611B2B224021ABEEF219E65CC85EE77F9DEF08798F004111BA58E6050C6769C61DBA4
                          Function 00FFD7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FFD7A3: _free.LIBCMT ref: 00FFD7CC
                          • _free.LIBCMT ref: 00FFD82D
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • _free.LIBCMT ref: 00FFD838
                          • _free.LIBCMT ref: 00FFD843
                          • _free.LIBCMT ref: 00FFD897
                          • _free.LIBCMT ref: 00FFD8A2
                          • _free.LIBCMT ref: 00FFD8AD
                          • _free.LIBCMT ref: 00FFD8B8
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                          • Instruction ID: 9de7b4f6082d016ce59511fa0de5f8da0c18a91d7f817d19722c6b279839e9c0
                          • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                          • Instruction Fuzzy Hash: 1C115172580B0CAAD531BFB0CC47FEB7BED6F00700F400825B399AA0B2DA69B505B650
                          Function 0102DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0102DA74
                          • LoadStringW.USER32(00000000), ref: 0102DA7B
                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0102DA91
                          • LoadStringW.USER32(00000000), ref: 0102DA98
                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0102DADC
                          Strings
                          • %s (%d) : ==> %s: %s %s, xrefs: 0102DAB9
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HandleLoadModuleString$Message
                          • String ID: %s (%d) : ==> %s: %s %s
                          • API String ID: 4072794657-3128320259
                          • Opcode ID: 4c1d0eeedc9440b7d5f8272c4c2ea3fde19adc5f6cb70ab192f2e3ec7340ebb5
                          • Instruction ID: b05c91d3122f162a0875518ea9dc9c48f4ea91aa625d604b2e3cbd1633c8b0d9
                          • Opcode Fuzzy Hash: 4c1d0eeedc9440b7d5f8272c4c2ea3fde19adc5f6cb70ab192f2e3ec7340ebb5
                          • Instruction Fuzzy Hash: 470162F25003187FF751ABA49E89EEB376CE708305F404496F786E2041EA759E848F74
                          Function 0103096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
                          Download Yara Rule
                          APIs
                          • InterlockedExchange.KERNEL32(0110E1A8,0110E1A8), ref: 0103097B
                          • EnterCriticalSection.KERNEL32(0110E188,00000000), ref: 0103098D
                          • TerminateThread.KERNEL32(?,000001F6), ref: 0103099B
                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 010309A9
                          • CloseHandle.KERNEL32(?), ref: 010309B8
                          • InterlockedExchange.KERNEL32(0110E1A8,000001F6), ref: 010309C8
                          • LeaveCriticalSection.KERNEL32(0110E188), ref: 010309CF
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                          • String ID:
                          • API String ID: 3495660284-0
                          • Opcode ID: 6dc5cff37530c15df33a912915050f927ae9576065552ea50cdb346a258ef332
                          • Instruction ID: c7c822fdf70a4c5ca7e6ef8755b82e0f6e2bd127865c82af2aa914965a58ef83
                          • Opcode Fuzzy Hash: 6dc5cff37530c15df33a912915050f927ae9576065552ea50cdb346a258ef332
                          • Instruction Fuzzy Hash: 5FF01D31442702BBF7615B94EF88ADB7A6DFF41742F401016F24250898CB7A9465CF90
                          Function 00FC5D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
                          Download Yara Rule
                          APIs
                          • GetClientRect.USER32(?,?), ref: 00FC5D30
                          • GetWindowRect.USER32(?,?), ref: 00FC5D71
                          • ScreenToClient.USER32(?,?), ref: 00FC5D99
                          • GetClientRect.USER32(?,?), ref: 00FC5ED7
                          • GetWindowRect.USER32(?,?), ref: 00FC5EF8
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Rect$Client$Window$Screen
                          • String ID:
                          • API String ID: 1296646539-0
                          • Opcode ID: bb80e12d6d94adcb3d27e1d4e39105cc89c081ce219998a94f17a6d0b9e52a18
                          • Instruction ID: 9ad9ab4ee54f3c96dc367451108c16a0915e3aaac04c079fc576306d5498b101
                          • Opcode Fuzzy Hash: bb80e12d6d94adcb3d27e1d4e39105cc89c081ce219998a94f17a6d0b9e52a18
                          • Instruction Fuzzy Hash: A1B15A35A0074ADBEB14CFA8C581BEEB7F1FF48310F14841AE9A9D7250DB34AA91DB54
                          Function 00FF01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                          Download Yara Rule
                          APIs
                          • __allrem.LIBCMT ref: 00FF00BA
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FF00D6
                          • __allrem.LIBCMT ref: 00FF00ED
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FF010B
                          • __allrem.LIBCMT ref: 00FF0122
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FF0140
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                          • String ID:
                          • API String ID: 1992179935-0
                          • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                          • Instruction ID: df71b17c2ba2a5636abf643135a9e3dba29a5334d18f6972d526577056c5dcaf
                          • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                          • Instruction Fuzzy Hash: D8812772A00B4A9BE7209F29CC41B7A73E8AF41330F24463AF651D62E2EF74D904A750
                          Function 01041D10 Relevance: 9.3, APIs: 6, Instructions: 254networkCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 01043149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0104101C,00000000,?,?,00000000), ref: 01043195
                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 01041DC0
                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 01041DE1
                          • WSAGetLastError.WSOCK32 ref: 01041DF2
                          • inet_ntoa.WSOCK32(?), ref: 01041E8C
                          • htons.WSOCK32(?,?,?,?,?), ref: 01041EDB
                          • _strlen.LIBCMT ref: 01041F35
                            • Part of subcall function 010239E8: _strlen.LIBCMT ref: 010239F2
                            • Part of subcall function 00FC6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00FDCF58,?,?,?), ref: 00FC6DBA
                            • Part of subcall function 00FC6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00FDCF58,?,?,?), ref: 00FC6DED
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                          • String ID:
                          • API String ID: 1923757996-0
                          • Opcode ID: 537057456f148be2c1edc1dfe42b6ea7730ebd6cae18b55af9b84390fdb82a46
                          • Instruction ID: f3b8d53c008aca892b2fa0be10488c3f4dd67c6488461cba5bfbd8143ab02826
                          • Opcode Fuzzy Hash: 537057456f148be2c1edc1dfe42b6ea7730ebd6cae18b55af9b84390fdb82a46
                          • Instruction Fuzzy Hash: 4AA1F2B0104301AFD324EF24C886F2A7BE5AF94318F54496CF5965B2E2CB35ED86CB91
                          Function 00FF61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                          Download Yara Rule
                          APIs
                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FE82D9,00FE82D9,?,?,?,00FF644F,00000001,00000001,8BE85006), ref: 00FF6258
                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FF644F,00000001,00000001,8BE85006,?,?,?), ref: 00FF62DE
                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FF63D8
                          • __freea.LIBCMT ref: 00FF63E5
                            • Part of subcall function 00FF3820: RtlAllocateHeap.NTDLL(00000000,?,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6,?,00FC1129), ref: 00FF3852
                          • __freea.LIBCMT ref: 00FF63EE
                          • __freea.LIBCMT ref: 00FF6413
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                          • String ID:
                          • API String ID: 1414292761-0
                          • Opcode ID: 3657f03c8ccd5bb9a61cdcf1e61a1c9a34078c92edbb1c2a490b09c55786d422
                          • Instruction ID: 242523f8bdc59ce8eb3a35639bc8eac4d0eb21e2b2707d4f9f9f0e879e04db7d
                          • Opcode Fuzzy Hash: 3657f03c8ccd5bb9a61cdcf1e61a1c9a34078c92edbb1c2a490b09c55786d422
                          • Instruction Fuzzy Hash: 2C51E472A0021AABEF258E64CC81EBF77A9EF55760F154229FE05D7260DF38DC44E660
                          Function 0104BBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 0104C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0104B6AE,?,?), ref: 0104C9B5
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104C9F1
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA68
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA9E
                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0104BCCA
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0104BD25
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104BD6A
                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0104BD99
                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0104BDF3
                          • RegCloseKey.ADVAPI32(?), ref: 0104BDFF
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                          • String ID:
                          • API String ID: 1120388591-0
                          • Opcode ID: 874e2fd3b58f9df258b4b9219698e3be3bc7d517f946c3ea3c4827a9e1a4781b
                          • Instruction ID: 91e8daccb695ddc013b552c41720e0a753b824bc4c5ec2f362f165359407d3e9
                          • Opcode Fuzzy Hash: 874e2fd3b58f9df258b4b9219698e3be3bc7d517f946c3ea3c4827a9e1a4781b
                          • Instruction Fuzzy Hash: F7819170108341AFD754EF24C9C5E2ABBE5FF84308F1489ACF5954B2A2DB36E945CB92
                          Function 0101F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
                          Download Yara Rule
                          APIs
                          • VariantInit.OLEAUT32(00000035), ref: 0101F7B9
                          • SysAllocString.OLEAUT32(00000001), ref: 0101F860
                          • VariantCopy.OLEAUT32(0101FA64,00000000), ref: 0101F889
                          • VariantClear.OLEAUT32(0101FA64), ref: 0101F8AD
                          • VariantCopy.OLEAUT32(0101FA64,00000000), ref: 0101F8B1
                          • VariantClear.OLEAUT32(?), ref: 0101F8BB
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearCopy$AllocInitString
                          • String ID:
                          • API String ID: 3859894641-0
                          • Opcode ID: 390579252f748b284909ae2380e6a4c0c59c6739fcf3a91b28dd6d304e18d0fe
                          • Instruction ID: 8bae87679104a89594adb95f3b9d6cd9775e00a3d76a8604395782515680d156
                          • Opcode Fuzzy Hash: 390579252f748b284909ae2380e6a4c0c59c6739fcf3a91b28dd6d304e18d0fe
                          • Instruction Fuzzy Hash: 7151E931500322BADF20BB65D885B6DB3EAEF45310F144497E946DF299DB7C8C48CB56
                          Function 0103910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC7620: _wcslen.LIBCMT ref: 00FC7625
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          • GetOpenFileNameW.COMDLG32(00000058), ref: 010394E5
                          • _wcslen.LIBCMT ref: 01039506
                          • _wcslen.LIBCMT ref: 0103952D
                          • GetSaveFileNameW.COMDLG32(00000058), ref: 01039585
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$FileName$OpenSave
                          • String ID: X
                          • API String ID: 83654149-3081909835
                          • Opcode ID: 513a505c2f06723563c21e83e65316807d7c28f25fb2be9fbe6f9d575af7b881
                          • Instruction ID: a78f3887bcbaecf7f1116aaf85a3cbc7f7ffaff01860813437abb272eaebf5b0
                          • Opcode Fuzzy Hash: 513a505c2f06723563c21e83e65316807d7c28f25fb2be9fbe6f9d575af7b881
                          • Instruction Fuzzy Hash: 97E1AF315083418FD724EF24C982F6AB7E4BF84314F04896DF9899B2A2DB75ED44CB92
                          Function 00FD920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • BeginPaint.USER32(?,?,?), ref: 00FD9241
                          • GetWindowRect.USER32(?,?), ref: 00FD92A5
                          • ScreenToClient.USER32(?,?), ref: 00FD92C2
                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00FD92D3
                          • EndPaint.USER32(?,?,?,?,?), ref: 00FD9321
                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 010171EA
                            • Part of subcall function 00FD9339: BeginPath.GDI32(00000000), ref: 00FD9357
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                          • String ID:
                          • API String ID: 3050599898-0
                          • Opcode ID: f82ad2e58da6317fd998d9df3994ddf13fa66357a91d5148c38cf8fc36cb8886
                          • Instruction ID: d7cb8de7fa64e7ecdbd2ba102a67fbc83fe1a1ec1981a25690f9d6c020377caf
                          • Opcode Fuzzy Hash: f82ad2e58da6317fd998d9df3994ddf13fa66357a91d5148c38cf8fc36cb8886
                          • Instruction Fuzzy Hash: 6741C231108301AFD721DF58C884FBA7BA9FB45330F08066AF994872E5C77A9845EB61
                          Function 010307EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                          Download Yara Rule
                          APIs
                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 0103080C
                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 01030847
                          • EnterCriticalSection.KERNEL32(?), ref: 01030863
                          • LeaveCriticalSection.KERNEL32(?), ref: 010308DC
                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 010308F3
                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 01030921
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                          • String ID:
                          • API String ID: 3368777196-0
                          • Opcode ID: 3843e49126dda1effa90a55336334386cd13a213ec1f679dec85122bda2427dd
                          • Instruction ID: ec1929d558a3b3195518caee25230c116c36b33ca0a923eaf6740c765874b817
                          • Opcode Fuzzy Hash: 3843e49126dda1effa90a55336334386cd13a213ec1f679dec85122bda2427dd
                          • Instruction Fuzzy Hash: E6419A31900205EBEF15DF54DC85AAAB7B9FF44300F1480A6FD449A29BDB35DE64DBA0
                          Function 010581DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
                          Download Yara Rule
                          APIs
                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0101F3AB,00000000,?,?,00000000,?,0101682C,00000004,00000000,00000000), ref: 0105824C
                          • EnableWindow.USER32(?,00000000), ref: 01058272
                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 010582D1
                          • ShowWindow.USER32(?,00000004), ref: 010582E5
                          • EnableWindow.USER32(?,00000001), ref: 0105830B
                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0105832F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Show$Enable$MessageSend
                          • String ID:
                          • API String ID: 642888154-0
                          • Opcode ID: 00d3ab9a75f53bb98cf8e58b58577003804cd9a50f6f7c899f85d6477b36c514
                          • Instruction ID: eea3dc3a7a2716eb73ba5f0f1c9fb37955c1df7de2b0509184eacaa568558a08
                          • Opcode Fuzzy Hash: 00d3ab9a75f53bb98cf8e58b58577003804cd9a50f6f7c899f85d6477b36c514
                          • Instruction Fuzzy Hash: 0A41B934601745AFEFA2CF1AC499BE67FE0FB09754F1481A6EE988B167C3366441CB50
                          Function 010422DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                          Download Yara Rule
                          APIs
                          • GetForegroundWindow.USER32(?,?,00000000), ref: 010422E8
                            • Part of subcall function 0103E4EC: GetWindowRect.USER32(?,?), ref: 0103E504
                          • GetDesktopWindow.USER32 ref: 01042312
                          • GetWindowRect.USER32(00000000), ref: 01042319
                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01042355
                          • GetCursorPos.USER32(?), ref: 01042381
                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 010423DF
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                          • String ID:
                          • API String ID: 2387181109-0
                          • Opcode ID: a706179f201bddf1150173d89fd62b9ddc23c6640b474847ac272aeadfb92fd8
                          • Instruction ID: f48f9bb7081130830021525666b9ea11066c879d7dabdd5d876b772fd7de3f75
                          • Opcode Fuzzy Hash: a706179f201bddf1150173d89fd62b9ddc23c6640b474847ac272aeadfb92fd8
                          • Instruction Fuzzy Hash: 8631AFB2604315ABD721DF54D844A9BBBE9FF88714F004A29F9C597181DB35EA08CB92
                          Function 01024C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
                          Download Yara Rule
                          APIs
                          • IsWindowVisible.USER32(?), ref: 01024C95
                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 01024CB2
                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 01024CEA
                          • _wcslen.LIBCMT ref: 01024D08
                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 01024D10
                          • _wcsstr.LIBVCRUNTIME ref: 01024D1A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                          • String ID:
                          • API String ID: 72514467-0
                          • Opcode ID: dc0f5a6e23f168fa73d2800fa5b3c47bca846be3a6985a2f5684ab95c59635c3
                          • Instruction ID: 08c06b2daed4a189d128964c82e57a538dcaf29f29074cba74dbd8870c2efbd8
                          • Opcode Fuzzy Hash: dc0f5a6e23f168fa73d2800fa5b3c47bca846be3a6985a2f5684ab95c59635c3
                          • Instruction Fuzzy Hash: 412129326042147BFB666B39EC49E7F7BDCDF49750F10407AF849CA192EA75D90097A0
                          Function 0103581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FC3A97,?,?,00FC2E7F,?,?,?,00000000), ref: 00FC3AC2
                          • _wcslen.LIBCMT ref: 0103587B
                          • CoInitialize.OLE32(00000000), ref: 01035995
                          • CoCreateInstance.OLE32(0105FCF8,00000000,00000001,0105FB68,?), ref: 010359AE
                          • CoUninitialize.OLE32 ref: 010359CC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                          • String ID: .lnk
                          • API String ID: 3172280962-24824748
                          • Opcode ID: dcdc67553acdbc418475a6a21ca35d867513c48a6a19e8bd826e26cc9c863392
                          • Instruction ID: f0e32dfe3233a86e6ea245aae3bde374afa6e1d5753e6c63be5e30582e6ef9f1
                          • Opcode Fuzzy Hash: dcdc67553acdbc418475a6a21ca35d867513c48a6a19e8bd826e26cc9c863392
                          • Instruction Fuzzy Hash: ACD155756083019FC714DF18C984A2ABBE9EF89710F14889DF8899B361DB35ED45CF92
                          Function 0102175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 01020FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01020FCA
                            • Part of subcall function 01020FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01020FD6
                            • Part of subcall function 01020FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01020FE5
                            • Part of subcall function 01020FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01020FEC
                            • Part of subcall function 01020FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01021002
                          • GetLengthSid.ADVAPI32(?,00000000,01021335), ref: 010217AE
                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 010217BA
                          • HeapAlloc.KERNEL32(00000000), ref: 010217C1
                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 010217DA
                          • GetProcessHeap.KERNEL32(00000000,00000000,01021335), ref: 010217EE
                          • HeapFree.KERNEL32(00000000), ref: 010217F5
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                          • String ID:
                          • API String ID: 3008561057-0
                          • Opcode ID: 9794241e490cc0a11d9f44b8861b75a73041acc0e154672abab3cf821170619d
                          • Instruction ID: 57310ed7d7966720eef19297455f624e27117aeeb4e1fe1425ad4b831675edb0
                          • Opcode Fuzzy Hash: 9794241e490cc0a11d9f44b8861b75a73041acc0e154672abab3cf821170619d
                          • Instruction Fuzzy Hash: AA117C31500315EFEB649FA8CD49BAF7BF9FB86255F144098F5C197204D73AA944CB60
                          Function 010214CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 010214FF
                          • OpenProcessToken.ADVAPI32(00000000), ref: 01021506
                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 01021515
                          • CloseHandle.KERNEL32(00000004), ref: 01021520
                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0102154F
                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 01021563
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                          • String ID:
                          • API String ID: 1413079979-0
                          • Opcode ID: 71966ec241ff33e4879e28f9eeeecf0d2a841a8e01afbfcac084da0c163b5e3c
                          • Instruction ID: d2ba6aafdb6ae4b2004fbc802fdb504019b56e3f5b998ba4759b2f0f089a91a7
                          • Opcode Fuzzy Hash: 71966ec241ff33e4879e28f9eeeecf0d2a841a8e01afbfcac084da0c163b5e3c
                          • Instruction Fuzzy Hash: 1411267250035DABEF218FA8DE49BDE7BADFF08744F0441A5FA45A2060C3768E64DB60
                          Function 00FE3382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(?,?,00FE3379,00FE2FE5), ref: 00FE3390
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FE339E
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FE33B7
                          • SetLastError.KERNEL32(00000000,?,00FE3379,00FE2FE5), ref: 00FE3409
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: b4f9436e4ab5ed42cd13bb8953d6a901b7541bb7b62c59c3193a37535b60a4c7
                          • Instruction ID: 734f81a275b0dfcaa7c3f46efe9cd7b7efd5e29e6f507158c16ca2fa9457a736
                          • Opcode Fuzzy Hash: b4f9436e4ab5ed42cd13bb8953d6a901b7541bb7b62c59c3193a37535b60a4c7
                          • Instruction Fuzzy Hash: 3C014533A0D3512EB73226767D8DEAB2AA4DB023B43300229F050831E1EF1A0E027A64
                          Function 00FF2D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(?,?,00FF5686,01003CD6,?,00000000,?,00FF5B6A,?,?,?,?,?,00FEE6D1,?,01088A48), ref: 00FF2D78
                          • _free.LIBCMT ref: 00FF2DAB
                          • _free.LIBCMT ref: 00FF2DD3
                          • SetLastError.KERNEL32(00000000,?,?,?,?,00FEE6D1,?,01088A48,00000010,00FC4F4A,?,?,00000000,01003CD6), ref: 00FF2DE0
                          • SetLastError.KERNEL32(00000000,?,?,?,?,00FEE6D1,?,01088A48,00000010,00FC4F4A,?,?,00000000,01003CD6), ref: 00FF2DEC
                          • _abort.LIBCMT ref: 00FF2DF2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$_free$_abort
                          • String ID:
                          • API String ID: 3160817290-0
                          • Opcode ID: 8cf661e0c12f1d969d0e558010df84190091156ee501125289e8f62b8b7d8b0b
                          • Instruction ID: c735035285cc46b94544d7aea0e83b5861626b441550afdbc9a096437459c066
                          • Opcode Fuzzy Hash: 8cf661e0c12f1d969d0e558010df84190091156ee501125289e8f62b8b7d8b0b
                          • Instruction Fuzzy Hash: 14F02832945B0C27D7B23638BC16E7F3569AFC27B0F240419FB64921B6EF2D89017220
                          Function 01058A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FD9693
                            • Part of subcall function 00FD9639: SelectObject.GDI32(?,00000000), ref: 00FD96A2
                            • Part of subcall function 00FD9639: BeginPath.GDI32(?), ref: 00FD96B9
                            • Part of subcall function 00FD9639: SelectObject.GDI32(?,00000000), ref: 00FD96E2
                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 01058A4E
                          • LineTo.GDI32(?,00000003,00000000), ref: 01058A62
                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 01058A70
                          • LineTo.GDI32(?,00000000,00000003), ref: 01058A80
                          • EndPath.GDI32(?), ref: 01058A90
                          • StrokePath.GDI32(?), ref: 01058AA0
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                          • String ID:
                          • API String ID: 43455801-0
                          • Opcode ID: 28a06ee15a76ec42216631e4d2243519298fc779712fbfe2509346c3e06eb7f6
                          • Instruction ID: 502803efbeb40fc7acfd72f54a848111b39607c9fa55b8e885de5a3c2a6256bd
                          • Opcode Fuzzy Hash: 28a06ee15a76ec42216631e4d2243519298fc779712fbfe2509346c3e06eb7f6
                          • Instruction Fuzzy Hash: A0110C76000209BFEF119F94DC88EAA7F6DEB05360F048052BE5595164C7769D55DB60
                          Function 010251FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                          Download Yara Rule
                          APIs
                          • GetDC.USER32(00000000), ref: 01025218
                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 01025229
                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01025230
                          • ReleaseDC.USER32(00000000,00000000), ref: 01025238
                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0102524F
                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 01025261
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CapsDevice$Release
                          • String ID:
                          • API String ID: 1035833867-0
                          • Opcode ID: ee64a29462e2d860398059447dec4755873b50cd67aa0eec5206b93b00ba65d1
                          • Instruction ID: a63a5569d5de01474af6f8eaee31b7264083630e4bdc15467f38b5817c104133
                          • Opcode Fuzzy Hash: ee64a29462e2d860398059447dec4755873b50cd67aa0eec5206b93b00ba65d1
                          • Instruction Fuzzy Hash: 6501DF71A00318BBFB109BA98D49A8FBFBCEF49711F044065FA44A7280D6709800CBA0
                          Function 00FC1BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FC1BF4
                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00FC1BFC
                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FC1C07
                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FC1C12
                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00FC1C1A
                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00FC1C22
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Virtual
                          • String ID:
                          • API String ID: 4278518827-0
                          • Opcode ID: c59284d87521344cbe18fec0e6e660684ce94e8a2f3035b2debf312b90052779
                          • Instruction ID: 483108af15139658b71231cc0a5633f331f14e5b3b2a2298e007be33a836bc9b
                          • Opcode Fuzzy Hash: c59284d87521344cbe18fec0e6e660684ce94e8a2f3035b2debf312b90052779
                          • Instruction Fuzzy Hash: DA0167B0902B5ABDE3008F6A8C85B53FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                          Function 0102EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                          Download Yara Rule
                          APIs
                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0102EB30
                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0102EB46
                          • GetWindowThreadProcessId.USER32(?,?), ref: 0102EB55
                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0102EB64
                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0102EB6E
                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0102EB75
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                          • String ID:
                          • API String ID: 839392675-0
                          • Opcode ID: c7d33f0ef32762573887e55351bcaef8327c7bfabda26e6c5e877125d7a40b2b
                          • Instruction ID: e0dfb2b683a48d167a7d4b0bed1f7fa567d7b45e6d37463baa3f8bb8a7d05605
                          • Opcode Fuzzy Hash: c7d33f0ef32762573887e55351bcaef8327c7bfabda26e6c5e877125d7a40b2b
                          • Instruction Fuzzy Hash: 89F01772240358BBE7315A629D0EEAB7A7CEBCAB11F000158FA41D108596AA6A0187B5
                          Function 01017439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetClientRect.USER32(?), ref: 01017452
                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 01017469
                          • GetWindowDC.USER32(?), ref: 01017475
                          • GetPixel.GDI32(00000000,?,?), ref: 01017484
                          • ReleaseDC.USER32(?,00000000), ref: 01017496
                          • GetSysColor.USER32(00000005), ref: 010174B0
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                          • String ID:
                          • API String ID: 272304278-0
                          • Opcode ID: 4acee088de893e75e7f59ba18179b7659cdc37e3694e18df98709a9fb2435d30
                          • Instruction ID: 7196ee9c779686d78b51f571518489cb393fefba8f4a878ddbf9a73294e49462
                          • Opcode Fuzzy Hash: 4acee088de893e75e7f59ba18179b7659cdc37e3694e18df98709a9fb2435d30
                          • Instruction Fuzzy Hash: EF018B31440305EFEB615FA4DD08BAA7BB9FB08321F544060F996A3195CF3A1E41EB20
                          Function 01021874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                          Download Yara Rule
                          APIs
                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0102187F
                          • UnloadUserProfile.USERENV(?,?), ref: 0102188B
                          • CloseHandle.KERNEL32(?), ref: 01021894
                          • CloseHandle.KERNEL32(?), ref: 0102189C
                          • GetProcessHeap.KERNEL32(00000000,?), ref: 010218A5
                          • HeapFree.KERNEL32(00000000), ref: 010218AC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                          • String ID:
                          • API String ID: 146765662-0
                          • Opcode ID: e51634a98a067ecf12216797e654c0ae46096a648504afea5696292a97f31e09
                          • Instruction ID: 20b34753ca39154b797830b7d7628cf7d0369afc976a8ba6481ce60b9df8c183
                          • Opcode Fuzzy Hash: e51634a98a067ecf12216797e654c0ae46096a648504afea5696292a97f31e09
                          • Instruction Fuzzy Hash: BAE0E536004705BBEB115FA1EE0C90BBF7DFF4AB22B108220F26681468CB37A4A0DB54
                          Function 0102C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC7620: _wcslen.LIBCMT ref: 00FC7625
                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0102C6EE
                          • _wcslen.LIBCMT ref: 0102C735
                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0102C79C
                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0102C7CA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ItemMenu$Info_wcslen$Default
                          • String ID: 0
                          • API String ID: 1227352736-4108050209
                          • Opcode ID: 93f37a589ecffef1ebf34290204785ab05502a37f4bc30c4c239c6c1b89bbd1c
                          • Instruction ID: 063d94e9acfb0351e32b462428497c3ff32f2b35cb25c68c2fe07ce76b6cfc04
                          • Opcode Fuzzy Hash: 93f37a589ecffef1ebf34290204785ab05502a37f4bc30c4c239c6c1b89bbd1c
                          • Instruction Fuzzy Hash: DA5110316043219BF7A19E28CA88B6F7BE8BF49314F040A6DFAD6D3191DB74D804DB52
                          Function 0104AD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                          Download Yara Rule
                          APIs
                          • ShellExecuteExW.SHELL32(0000003C), ref: 0104AEA3
                            • Part of subcall function 00FC7620: _wcslen.LIBCMT ref: 00FC7625
                          • GetProcessId.KERNEL32(00000000), ref: 0104AF38
                          • CloseHandle.KERNEL32(00000000), ref: 0104AF67
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseExecuteHandleProcessShell_wcslen
                          • String ID: <$@
                          • API String ID: 146682121-1426351568
                          • Opcode ID: 5c8221eed06ea1f1057eafc5bda4bef56398e601c6986ac796defcae2430c4f3
                          • Instruction ID: de4d0db9efe5dc4f06de8fa8ddcc9664b9da5e154165d9efd261185f4252f137
                          • Opcode Fuzzy Hash: 5c8221eed06ea1f1057eafc5bda4bef56398e601c6986ac796defcae2430c4f3
                          • Instruction Fuzzy Hash: 5C716A70A00215DFDB14EF55C985A9EBBF0AF08314F0484ADE896AB392C779ED45DB90
                          Function 0102719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 01027206
                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0102723C
                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0102724D
                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 010272CF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorMode$AddressCreateInstanceProc
                          • String ID: DllGetClassObject
                          • API String ID: 753597075-1075368562
                          • Opcode ID: 41e6b2fef641df680cd0464140a6ca68112a828002808d2cde80e2c992d3fe56
                          • Instruction ID: c99e8303c3fa96d11b7f6697ae16dc79b1f4cc309cc30d5f7c2f5740defd9baf
                          • Opcode Fuzzy Hash: 41e6b2fef641df680cd0464140a6ca68112a828002808d2cde80e2c992d3fe56
                          • Instruction Fuzzy Hash: 59419D71A00214EFDB25CF54C884A9A7FA9EF56310F1180ADFD459F20AD7B1D948CBA0
                          Function 01053D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01053E35
                          • IsMenu.USER32(?), ref: 01053E4A
                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01053E92
                          • DrawMenuBar.USER32 ref: 01053EA5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$Item$DrawInfoInsert
                          • String ID: 0
                          • API String ID: 3076010158-4108050209
                          • Opcode ID: 924b3dfafd2e4ee44d58d0b5c32227537e21c5314f7ec3a0ecf2371a13666297
                          • Instruction ID: f98ec4545df8d801d33a9c7a82dc05466b634fcddabc8a7185076c93e96dda66
                          • Opcode Fuzzy Hash: 924b3dfafd2e4ee44d58d0b5c32227537e21c5314f7ec3a0ecf2371a13666297
                          • Instruction Fuzzy Hash: 69416A75A00209AFEB60DF94D884EABBBF9FF48394F044069ED859B280D735A940DF60
                          Function 01021DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 01021E66
                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 01021E79
                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 01021EA9
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$_wcslen$ClassName
                          • String ID: ComboBox$ListBox
                          • API String ID: 2081771294-1403004172
                          • Opcode ID: 35af84b5e4898e8594af4407c2376e93c3ccb909d840e1a6bd45a476f99567e8
                          • Instruction ID: ed54a79a4ece3b30d4e819c4c306ebe7cb5103052ec60b052c8850c95a139910
                          • Opcode Fuzzy Hash: 35af84b5e4898e8594af4407c2376e93c3ccb909d840e1a6bd45a476f99567e8
                          • Instruction Fuzzy Hash: C3214771A00209BEEF14AB64DD4ADFFBBBDEF45350B04412DF4A1A71D1DB7849099720
                          Function 0104C9EA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen
                          • String ID: HKEY_LOCAL_MACHINE$HKLM
                          • API String ID: 176396367-4004644295
                          • Opcode ID: 9f1b0713df9adea5abc4e6a1fe11e00fb369714859e0dcfce77cb3ba6b825432
                          • Instruction ID: 97960f650f68f70995458cd3b3288e985c83ffad24027b1e64317052c8823285
                          • Opcode Fuzzy Hash: 9f1b0713df9adea5abc4e6a1fe11e00fb369714859e0dcfce77cb3ba6b825432
                          • Instruction Fuzzy Hash: 64314BB36021624BEB61EE2CDBC05BE37D15B51658B1540BDE8C1AB34AEA71CD64D3A0
                          Function 01052F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 01052F8D
                          • LoadLibraryW.KERNEL32(?), ref: 01052F94
                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 01052FA9
                          • DestroyWindow.USER32(?), ref: 01052FB1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$DestroyLibraryLoadWindow
                          • String ID: SysAnimate32
                          • API String ID: 3529120543-1011021900
                          • Opcode ID: 21827b8f34af6cca360be30991fc336b0e92354f8ca7164a5b2ca96c9f237cf6
                          • Instruction ID: e459080fe17f927b5ef1be49b9bed3527cfbdacc21ec4236f0e5fbb15bfa108f
                          • Opcode Fuzzy Hash: 21827b8f34af6cca360be30991fc336b0e92354f8ca7164a5b2ca96c9f237cf6
                          • Instruction Fuzzy Hash: F621AC72204209EBEFA14F68EC80EBB37ADEF49364F100628FE90E6195D771DC519B60
                          Function 00FE4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FE4D1E,00FF28E9,?,00FE4CBE,00FF28E9,010888B8,0000000C,00FE4E15,00FF28E9,00000002), ref: 00FE4D8D
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FE4DA0
                          • FreeLibrary.KERNEL32(00000000,?,?,?,00FE4D1E,00FF28E9,?,00FE4CBE,00FF28E9,010888B8,0000000C,00FE4E15,00FF28E9,00000002,00000000), ref: 00FE4DC3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: d2447e4764cca6ef97856cec0b4d1b1cca145e7f4677b966a5bb0115bcf3cfad
                          • Instruction ID: 75205dadc6882e6b83a6a044db012e6e4891e6ae68338a04932ee0b03256b92b
                          • Opcode Fuzzy Hash: d2447e4764cca6ef97856cec0b4d1b1cca145e7f4677b966a5bb0115bcf3cfad
                          • Instruction Fuzzy Hash: FAF0C230A40308BBEB209F91DD09BEEBFB8EF04761F0000A8F845A6244CF795E40DB90
                          Function 00FC4E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FC4EDD,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E9C
                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FC4EAE
                          • FreeLibrary.KERNEL32(00000000,?,?,00FC4EDD,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4EC0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Library$AddressFreeLoadProc
                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                          • API String ID: 145871493-3689287502
                          • Opcode ID: 54c3c0ebce581eaf1aaf12baa6837f627fe9c78c34493ecb4432749434b39ad1
                          • Instruction ID: b611a9c48ae69e4139ca5dbfa411d59ada8ebd1baf1b73eab8831a1247728669
                          • Opcode Fuzzy Hash: 54c3c0ebce581eaf1aaf12baa6837f627fe9c78c34493ecb4432749434b39ad1
                          • Instruction Fuzzy Hash: 82E08635E027235BA33117256D29F5B765CAF82F72B060119FC40E6104DB64DC0191A4
                          Function 00FC4E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,01003CDE,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E62
                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FC4E74
                          • FreeLibrary.KERNEL32(00000000,?,?,01003CDE,?,01091418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FC4E87
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Library$AddressFreeLoadProc
                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                          • API String ID: 145871493-1355242751
                          • Opcode ID: 5ace5556140b1853d7e4375761caf99af4646a185eb0cd869d87baa578d56f55
                          • Instruction ID: 3876b4c2099c19a884ed68a0c8e0f31a2b157ae2341fe1dfed36ece977c81b54
                          • Opcode Fuzzy Hash: 5ace5556140b1853d7e4375761caf99af4646a185eb0cd869d87baa578d56f55
                          • Instruction Fuzzy Hash: 13D0C2319027225767321B297E29F8B3A1CAF82F213060118BC80A6108CF25CD01D2E4
                          Function 01032947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
                          Download Yara Rule
                          APIs
                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01032C05
                          • DeleteFileW.KERNEL32(?), ref: 01032C87
                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 01032C9D
                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01032CAE
                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01032CC0
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: File$Delete$Copy
                          • String ID:
                          • API String ID: 3226157194-0
                          • Opcode ID: 2cf75c57786a827407e6098a0072a774d70644b394a2ca5889c04d3cec526d76
                          • Instruction ID: 259824f4a40111fec46d3365509e9c90407258818950f2b836d1f8032a3459e3
                          • Opcode Fuzzy Hash: 2cf75c57786a827407e6098a0072a774d70644b394a2ca5889c04d3cec526d76
                          • Instruction Fuzzy Hash: 34B14F71D0011DABDF25DBA4CD85EDEBBBDEF48350F0040AAF649E6141EB35AA448F61
                          Function 0104A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentProcessId.KERNEL32 ref: 0104A427
                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0104A435
                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0104A468
                          • CloseHandle.KERNEL32(?), ref: 0104A63D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$CloseCountersCurrentHandleOpen
                          • String ID:
                          • API String ID: 3488606520-0
                          • Opcode ID: d22a315ee756fad79118a49eca86f3584e33f872147cf8d733ee7ebf7e287cab
                          • Instruction ID: 0488a6ee5f56698a9f116e73317a0096c94f61d726e9babfb24dc7dc877cface
                          • Opcode Fuzzy Hash: d22a315ee756fad79118a49eca86f3584e33f872147cf8d733ee7ebf7e287cab
                          • Instruction Fuzzy Hash: AFA1B2B16043019FE720DF28C982F2AB7E5AF88714F04885DF59A9B392DB74EC41CB91
                          Function 0102E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0102DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0102CF22,?), ref: 0102DDFD
                            • Part of subcall function 0102DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0102CF22,?), ref: 0102DE16
                            • Part of subcall function 0102E199: GetFileAttributesW.KERNEL32(?,0102CF95), ref: 0102E19A
                          • lstrcmpiW.KERNEL32(?,?), ref: 0102E473
                          • MoveFileW.KERNEL32(?,?), ref: 0102E4AC
                          • _wcslen.LIBCMT ref: 0102E5EB
                          • _wcslen.LIBCMT ref: 0102E603
                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0102E650
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                          • String ID:
                          • API String ID: 3183298772-0
                          • Opcode ID: fc6ed514a044b27fc52e35cfb618499202c459a1f1d5439ac55dede4ebc1fcfb
                          • Instruction ID: fbefee0a29097a927267ba84e455a386e341e54f531986227a952f9d98dec506
                          • Opcode Fuzzy Hash: fc6ed514a044b27fc52e35cfb618499202c459a1f1d5439ac55dede4ebc1fcfb
                          • Instruction Fuzzy Hash: C65181B24083955BD764EBA4CC819DF77ECAF84340F40492EE6C9D3191EF74A2888766
                          Function 0104B9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 0104C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0104B6AE,?,?), ref: 0104C9B5
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104C9F1
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA68
                            • Part of subcall function 0104C998: _wcslen.LIBCMT ref: 0104CA9E
                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0104BAA5
                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0104BB00
                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0104BB63
                          • RegCloseKey.ADVAPI32(?,?), ref: 0104BBA6
                          • RegCloseKey.ADVAPI32(00000000), ref: 0104BBB3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                          • String ID:
                          • API String ID: 826366716-0
                          • Opcode ID: e9e68b0d9d3136ceecd07125299f3f192e93b9bdbe9f015f761622f2b79f2703
                          • Instruction ID: 8c997f1514071a69452c306752793deb9f62c57c23df586d59bf35d5f0025307
                          • Opcode Fuzzy Hash: e9e68b0d9d3136ceecd07125299f3f192e93b9bdbe9f015f761622f2b79f2703
                          • Instruction Fuzzy Hash: C061B171208201AFD314DF14C9D5E2ABBE5FF84308F5489ACF5994B292CB75ED45CB92
                          Function 01028BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
                          Download Yara Rule
                          APIs
                          • VariantInit.OLEAUT32(?), ref: 01028BCD
                          • VariantClear.OLEAUT32 ref: 01028C3E
                          • VariantClear.OLEAUT32 ref: 01028C9D
                          • VariantClear.OLEAUT32(?), ref: 01028D10
                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 01028D3B
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$Clear$ChangeInitType
                          • String ID:
                          • API String ID: 4136290138-0
                          • Opcode ID: b4c36d5f9561daeb8a1c798823c0ac79e9c0da20542011c9506d83895a267153
                          • Instruction ID: 36edb270ceac6da0f1f0a02a21a01363adec490a87d12bdcff4f6ef4ca282f72
                          • Opcode Fuzzy Hash: b4c36d5f9561daeb8a1c798823c0ac79e9c0da20542011c9506d83895a267153
                          • Instruction Fuzzy Hash: F5515AB5A00219EFDB14DF68C884AAABBF8FF89310F15855AE945DB314E734E911CF90
                          Function 01038AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                          Download Yara Rule
                          APIs
                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 01038BAE
                          • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 01038BDA
                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 01038C32
                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 01038C57
                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 01038C5F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: PrivateProfile$SectionWrite$String
                          • String ID:
                          • API String ID: 2832842796-0
                          • Opcode ID: a2c52a5847bf8b62431d35640fefd1d7fc08e401c191acd2f16bcd8363bea0b6
                          • Instruction ID: ea2eb0e494e14672a383a9df86922596e5aecf0d87be436f2c4c90f98eb02cc8
                          • Opcode Fuzzy Hash: a2c52a5847bf8b62431d35640fefd1d7fc08e401c191acd2f16bcd8363bea0b6
                          • Instruction Fuzzy Hash: 71516835A002199FDB00DF64C981E6ABBF5FF48314F088499E849AB362CB39ED41DF90
                          Function 01048EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 01048F40
                          • GetProcAddress.KERNEL32(00000000,?), ref: 01048FD0
                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 01048FEC
                          • GetProcAddress.KERNEL32(00000000,?), ref: 01049032
                          • FreeLibrary.KERNEL32(00000000), ref: 01049052
                            • Part of subcall function 00FDF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,01031043,?,753CE610), ref: 00FDF6E6
                            • Part of subcall function 00FDF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0101FA64,00000000,00000000,?,?,01031043,?,753CE610,?,0101FA64), ref: 00FDF70D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                          • String ID:
                          • API String ID: 666041331-0
                          • Opcode ID: 09e93c8422cd33b2c2627f7931ebdf7d9e1c48d159c395fb4261b8c8a878bf1b
                          • Instruction ID: 4b7f992931857017d478aed608090e349aeb1558192706010a45a82c2b4400d6
                          • Opcode Fuzzy Hash: 09e93c8422cd33b2c2627f7931ebdf7d9e1c48d159c395fb4261b8c8a878bf1b
                          • Instruction Fuzzy Hash: 7B516974604205DFC711EF68C585DAEBBF1FF49314B0884A9E94A9B362DB35ED85CB80
                          Function 01056B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
                          Download Yara Rule
                          APIs
                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 01056C33
                          • SetWindowLongW.USER32(?,000000EC,?), ref: 01056C4A
                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 01056C73
                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0103AB79,00000000,00000000), ref: 01056C98
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 01056CC7
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Long$MessageSendShow
                          • String ID:
                          • API String ID: 3688381893-0
                          • Opcode ID: f0263340b95ee0b540d5f7f52067775a0a7710d3a3eb08d3eb554bff981581ef
                          • Instruction ID: 0f06b903666d9b5ff385603a40b38a702da9d3020213dea862018a54e16cda12
                          • Opcode Fuzzy Hash: f0263340b95ee0b540d5f7f52067775a0a7710d3a3eb08d3eb554bff981581ef
                          • Instruction Fuzzy Hash: 6541C535A04208AFE7A5CF6CC959FBB7FE8EB09360F840258ED95A7291C373AD40C650
                          Function 00FF2051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free
                          • String ID:
                          • API String ID: 269201875-0
                          • Opcode ID: 1a8eed09a4e8888141d04b25cd3cbc52040150e46bafcde02a75ddc74c51c3d5
                          • Instruction ID: 8c57f22a2c6a7e2645df6a220866abae0c275933b4ab97703d0b14916a0ca378
                          • Opcode Fuzzy Hash: 1a8eed09a4e8888141d04b25cd3cbc52040150e46bafcde02a75ddc74c51c3d5
                          • Instruction Fuzzy Hash: F441E433E002089FCB20DF78C880A6DB7B5EF89324F154569E615EB3A1DB31AD01EB80
                          Function 00FD912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON
                          Download Yara Rule
                          APIs
                          • GetCursorPos.USER32(?), ref: 00FD9141
                          • ScreenToClient.USER32(00000000,?), ref: 00FD915E
                          • GetAsyncKeyState.USER32(00000001), ref: 00FD9183
                          • GetAsyncKeyState.USER32(00000002), ref: 00FD919D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AsyncState$ClientCursorScreen
                          • String ID:
                          • API String ID: 4210589936-0
                          • Opcode ID: 10343cc3b29f4ecf0c7cc66f4a9eab4bdf5db7023c97a0e0669709fb909940c6
                          • Instruction ID: 044a94601c816fc27f02cf4e853ee734562ef4909876ad6971dd61849b0329d3
                          • Opcode Fuzzy Hash: 10343cc3b29f4ecf0c7cc66f4a9eab4bdf5db7023c97a0e0669709fb909940c6
                          • Instruction Fuzzy Hash: 3841B43190820BFBDF199FA8C844BEEB776FF05324F244216E465A32D4C7746990DB51
                          Function 01033874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetInputState.USER32 ref: 010338CB
                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 01033922
                          • TranslateMessage.USER32(?), ref: 0103394B
                          • DispatchMessageW.USER32(?), ref: 01033955
                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01033966
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                          • String ID:
                          • API String ID: 2256411358-0
                          • Opcode ID: 81f1fd8b8a77171f6b411398d4422467cb951aed67bbf60c3b21974bfb630fd7
                          • Instruction ID: 36885ac89db7fc8daa7b1a8ac5323a10a0d7f69e1f744bcb2c2a192556ad6c5f
                          • Opcode Fuzzy Hash: 81f1fd8b8a77171f6b411398d4422467cb951aed67bbf60c3b21974bfb630fd7
                          • Instruction Fuzzy Hash: D731E670604342EEFB76CB389499BB73BECBB85314F04459AD5E2CA0C5E3799085CB11
                          Function 01021901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON
                          Download Yara Rule
                          APIs
                          • GetWindowRect.USER32(?,?), ref: 01021915
                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 010219C1
                          • Sleep.KERNEL32(00000000,?,?,?), ref: 010219C9
                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 010219DA
                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 010219E2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessagePostSleep$RectWindow
                          • String ID:
                          • API String ID: 3382505437-0
                          • Opcode ID: 9b43d79f1f7c8d8d4dcd9d9cda32fe75f73678573107cf7c19a7717bb0db474c
                          • Instruction ID: ac73d9a9987f7da5e803d0d00c2e4bd04044b254b5cc04a961eacdda21b4b746
                          • Opcode Fuzzy Hash: 9b43d79f1f7c8d8d4dcd9d9cda32fe75f73678573107cf7c19a7717bb0db474c
                          • Instruction Fuzzy Hash: 3931D171A00329EFDB10CFACD988ADE7BB5EB05315F104269F9A1A72C1C770AA44CB90
                          Function 01055706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 01055745
                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 0105579D
                          • _wcslen.LIBCMT ref: 010557AF
                          • _wcslen.LIBCMT ref: 010557BA
                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 01055816
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$_wcslen
                          • String ID:
                          • API String ID: 763830540-0
                          • Opcode ID: 3f929f67bb1c351c0e6931ecb7608c2c207d5774944ca2f798f7cf66bc983b60
                          • Instruction ID: 69eb7900ce9aad227cb2baf9dce8faca9be687f0142404a8ae7a73bb45fae150
                          • Opcode Fuzzy Hash: 3f929f67bb1c351c0e6931ecb7608c2c207d5774944ca2f798f7cf66bc983b60
                          • Instruction Fuzzy Hash: 6821B931A002189BDB608FA4DC44AEF7BBCFF04324F004156EE99EB180D7749585CF50
                          Function 01040930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                          Download Yara Rule
                          APIs
                          • IsWindow.USER32(00000000), ref: 01040951
                          • GetForegroundWindow.USER32 ref: 01040968
                          • GetDC.USER32(00000000), ref: 010409A4
                          • GetPixel.GDI32(00000000,?,00000003), ref: 010409B0
                          • ReleaseDC.USER32(00000000,00000003), ref: 010409E8
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ForegroundPixelRelease
                          • String ID:
                          • API String ID: 4156661090-0
                          • Opcode ID: 8bfedec35270704c1dd543fc98fa96114bbf6e67285ec7070553c7c2d22a4e9a
                          • Instruction ID: 554c472f67d6db4023bde53eb5815b8f22993ab465bffb57dd04901aca4ddd3d
                          • Opcode Fuzzy Hash: 8bfedec35270704c1dd543fc98fa96114bbf6e67285ec7070553c7c2d22a4e9a
                          • Instruction Fuzzy Hash: 1A218179600214AFE714EF65C985AAFBBE9EF48700F04846CE98AA7755CB35AD04CB60
                          Function 00FFCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                          Download Yara Rule
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 00FFCDC6
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FFCDE9
                            • Part of subcall function 00FF3820: RtlAllocateHeap.NTDLL(00000000,?,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6,?,00FC1129), ref: 00FF3852
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FFCE0F
                          • _free.LIBCMT ref: 00FFCE22
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FFCE31
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                          • String ID:
                          • API String ID: 336800556-0
                          • Opcode ID: d2c5451e6b5bdfde33b3b39ec19b5e4d2bcda421a9551ed8f1d5d99abb62fd64
                          • Instruction ID: 83f4bb5e290e63caba2530735bb2d16845394acd8dc267c2b07387d679b0e633
                          • Opcode Fuzzy Hash: d2c5451e6b5bdfde33b3b39ec19b5e4d2bcda421a9551ed8f1d5d99abb62fd64
                          • Instruction Fuzzy Hash: F301D872E0232D7F333115766D48DBF796DDEC6BA13150129FA05C7210DAA58D01A2F0
                          Function 00FD9639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                          Download Yara Rule
                          APIs
                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FD9693
                          • SelectObject.GDI32(?,00000000), ref: 00FD96A2
                          • BeginPath.GDI32(?), ref: 00FD96B9
                          • SelectObject.GDI32(?,00000000), ref: 00FD96E2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ObjectSelect$BeginCreatePath
                          • String ID:
                          • API String ID: 3225163088-0
                          • Opcode ID: 87eaa5fa18d3e23f1cbb504209ad8a964330b1e9b86ee760b89b4bac0a344714
                          • Instruction ID: 71db9292ea3ec811aa7c1c44e91f531367788f0782f3d09a67925543df449371
                          • Opcode Fuzzy Hash: 87eaa5fa18d3e23f1cbb504209ad8a964330b1e9b86ee760b89b4bac0a344714
                          • Instruction Fuzzy Hash: A421D731915306EFDB219FA4D9047AE3BB9BB01375F144217F490A32D8D3BA9881DF94
                          Function 01025711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _memcmp
                          • String ID:
                          • API String ID: 2931989736-0
                          • Opcode ID: c0bee49b0996ae542609da0140424df80d30464be760a0971e74fee1834b3eed
                          • Instruction ID: 705e089556986a285d88d997e1d33234931ae83f91d0fa2634a497f718159894
                          • Opcode Fuzzy Hash: c0bee49b0996ae542609da0140424df80d30464be760a0971e74fee1834b3eed
                          • Instruction Fuzzy Hash: 4501B57168126AFFE3489517AE82FFB739CBB513A4F004064FD449E202F774ED1092A8
                          Function 00FF2DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(?,?,?,00FEF2DE,00FF3863,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6), ref: 00FF2DFD
                          • _free.LIBCMT ref: 00FF2E32
                          • _free.LIBCMT ref: 00FF2E59
                          • SetLastError.KERNEL32(00000000,00FC1129), ref: 00FF2E66
                          • SetLastError.KERNEL32(00000000,00FC1129), ref: 00FF2E6F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$_free
                          • String ID:
                          • API String ID: 3170660625-0
                          • Opcode ID: a22e00b1f9f055a7511d0f254bb3a4cdb1d044197c957612c6f3f4aa18393c23
                          • Instruction ID: 2053b9150a0e5a7a0791731a718b0979a08fb658ed7e7d6a7b643956d3be0353
                          • Opcode Fuzzy Hash: a22e00b1f9f055a7511d0f254bb3a4cdb1d044197c957612c6f3f4aa18393c23
                          • Instruction Fuzzy Hash: 8101F97264570C67D76226746D85D3F396DFFC17717340029FBA1A22B6EA6D8D017120
                          Function 0102000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                          Download Yara Rule
                          APIs
                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?,?,0102035E), ref: 0102002B
                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?), ref: 01020046
                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?), ref: 01020054
                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?), ref: 01020064
                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0101FF41,80070057,?,?), ref: 01020070
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: From$Prog$FreeStringTasklstrcmpi
                          • String ID:
                          • API String ID: 3897988419-0
                          • Opcode ID: 775016a7bd9606ccbb0320c5774ec06b66a7b607d8a7611f24f2b9c73165178e
                          • Instruction ID: 49618d706205f9e141dea2c8120205237df195ada79a64bab336dd8c921ea490
                          • Opcode Fuzzy Hash: 775016a7bd9606ccbb0320c5774ec06b66a7b607d8a7611f24f2b9c73165178e
                          • Instruction Fuzzy Hash: 82018F76600315BFFB204F68DD84BBA7EEDEB44661F144124FA85D2218E77ADD408BA0
                          Function 0102E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                          Download Yara Rule
                          APIs
                          • QueryPerformanceCounter.KERNEL32(?), ref: 0102E997
                          • QueryPerformanceFrequency.KERNEL32(?), ref: 0102E9A5
                          • Sleep.KERNEL32(00000000), ref: 0102E9AD
                          • QueryPerformanceCounter.KERNEL32(?), ref: 0102E9B7
                          • Sleep.KERNEL32 ref: 0102E9F3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: PerformanceQuery$CounterSleep$Frequency
                          • String ID:
                          • API String ID: 2833360925-0
                          • Opcode ID: 4614b0e67ae559c83d784fdbc66a48fe57c561b9bae1b4f341d53f2537957d5f
                          • Instruction ID: e642877e88f8ca021afe5ddd80ed9cc997a0799ec45559041ba475ac34664a1e
                          • Opcode Fuzzy Hash: 4614b0e67ae559c83d784fdbc66a48fe57c561b9bae1b4f341d53f2537957d5f
                          • Instruction Fuzzy Hash: 1901A931E00739DBDF10AFE4D948AEEBBB8FF09300F000546E582B2244CB398540CBA1
                          Function 010210F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01021114
                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021120
                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 0102112F
                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01020B9B,?,?,?), ref: 01021136
                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0102114D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                          • String ID:
                          • API String ID: 842720411-0
                          • Opcode ID: 069303b0cfb008f26f1a1da742977bf44db4ed8064cfcdd712fc59ec456bfd54
                          • Instruction ID: e043b3620bbb0da30e958fc9349c01ea1a824777dcd92ad0185cf534fe5804cc
                          • Opcode Fuzzy Hash: 069303b0cfb008f26f1a1da742977bf44db4ed8064cfcdd712fc59ec456bfd54
                          • Instruction Fuzzy Hash: E2016D75100315BFEB214F68DD4DA6B3FAEEF85260B200454F981D3340DA36DC00CB60
                          Function 01020FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01020FCA
                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01020FD6
                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01020FE5
                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01020FEC
                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01021002
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HeapInformationToken$AllocErrorLastProcess
                          • String ID:
                          • API String ID: 44706859-0
                          • Opcode ID: 6ce9dfb5377d41418ef63570257862cce71599f0e3f29da56aec1fed4a6fa1d1
                          • Instruction ID: 6b16d2dc145114adc28b87a22d66f864c82c4f98f8dac4887774af0d24e4b9a4
                          • Opcode Fuzzy Hash: 6ce9dfb5377d41418ef63570257862cce71599f0e3f29da56aec1fed4a6fa1d1
                          • Instruction Fuzzy Hash: 09F06D35200315ABEB214FA9DD8DF5B3FADEF8A762F104454FA86C7241CA7AD850CB60
                          Function 01021014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0102102A
                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01021036
                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01021045
                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0102104C
                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01021062
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: HeapInformationToken$AllocErrorLastProcess
                          • String ID:
                          • API String ID: 44706859-0
                          • Opcode ID: a06c0d99acdc47571163ecbef9a2cda89288fb81a47933765e8a7a72fc9e7da3
                          • Instruction ID: 029c6e9390a17db2386c57b52ad61555f1b5ff1565eae185d527ca8bcbdf85ae
                          • Opcode Fuzzy Hash: a06c0d99acdc47571163ecbef9a2cda89288fb81a47933765e8a7a72fc9e7da3
                          • Instruction Fuzzy Hash: E8F06235200355ABEB225FA9ED49F5B3FADEF8A661F100414FA85C7240CA79D950CB60
                          Function 0103030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 01030324
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 01030331
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 0103033E
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 0103034B
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 01030358
                          • CloseHandle.KERNEL32(?,?,?,?,0103017D,?,010332FC,?,00000001,01002592,?), ref: 01030365
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID:
                          • API String ID: 2962429428-0
                          • Opcode ID: 5729b76d801c71698209bda207b0cc9fd31279ae19a4cdd116c2de0c1f89cbfb
                          • Instruction ID: 7884c833a2d4ac1f258922a9c438a62bae0cb33c0ba16df69804613aff4bf91c
                          • Opcode Fuzzy Hash: 5729b76d801c71698209bda207b0cc9fd31279ae19a4cdd116c2de0c1f89cbfb
                          • Instruction Fuzzy Hash: 7C019072801B159FD7309F6AD880413FBF9BF902153158A7EE29652931C371A954CF80
                          Function 00FFD73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • _free.LIBCMT ref: 00FFD752
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • _free.LIBCMT ref: 00FFD764
                          • _free.LIBCMT ref: 00FFD776
                          • _free.LIBCMT ref: 00FFD788
                          • _free.LIBCMT ref: 00FFD79A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: ff3bc7ab6b073c6d27c7731dd02710ec16d1091ef968dd97757ca232c6a9f97e
                          • Instruction ID: cfe5b4b556f802e2732c2a8865657f32a76bc1c0d85f5b014c94c1115560ad0f
                          • Opcode Fuzzy Hash: ff3bc7ab6b073c6d27c7731dd02710ec16d1091ef968dd97757ca232c6a9f97e
                          • Instruction Fuzzy Hash: A5F0313399420DAB8675FA58F9C5C6A77FEBF047207940809F284DB525CB29FC406674
                          Function 01025C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • GetDlgItem.USER32(?,000003E9), ref: 01025C58
                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 01025C6F
                          • MessageBeep.USER32(00000000), ref: 01025C87
                          • KillTimer.USER32(?,0000040A), ref: 01025CA3
                          • EndDialog.USER32(?,00000001), ref: 01025CBD
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                          • String ID:
                          • API String ID: 3741023627-0
                          • Opcode ID: 8d1e4f79ef9215617b04075c971318f9c64c3d4278eeec3c4356e16cfa081f8d
                          • Instruction ID: 8e2df1f8f233a0dd0ddf045d7b2f62c181a6bd319df1785eb67cb8aa91361425
                          • Opcode Fuzzy Hash: 8d1e4f79ef9215617b04075c971318f9c64c3d4278eeec3c4356e16cfa081f8d
                          • Instruction Fuzzy Hash: 89014F30500718AEFB315B14DE4EFE67BA8BB04B05F040659E6C2A24D1EBB5AA84CB94
                          Function 00FF22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                          Download Yara Rule
                          APIs
                          • _free.LIBCMT ref: 00FF22BE
                            • Part of subcall function 00FF29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000), ref: 00FF29DE
                            • Part of subcall function 00FF29C8: GetLastError.KERNEL32(00000000,?,00FFD7D1,00000000,00000000,00000000,00000000,?,00FFD7F8,00000000,00000007,00000000,?,00FFDBF5,00000000,00000000), ref: 00FF29F0
                          • _free.LIBCMT ref: 00FF22D0
                          • _free.LIBCMT ref: 00FF22E3
                          • _free.LIBCMT ref: 00FF22F4
                          • _free.LIBCMT ref: 00FF2305
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: 24e9867c0b110ed3124d9ac301a08b9282c34e8cb0ba75abbf296904f713c89f
                          • Instruction ID: 75d89c3b5bc6d2d2633fd6345f69076680c9b498495b2d29f3233b7fc11d33f5
                          • Opcode Fuzzy Hash: 24e9867c0b110ed3124d9ac301a08b9282c34e8cb0ba75abbf296904f713c89f
                          • Instruction Fuzzy Hash: 4DF03AB19941268B9672BF58F82186C3B78BF18770700054AF5D4D72BDC77E0921BBA4
                          Function 00FD95C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                          Download Yara Rule
                          APIs
                          • EndPath.GDI32(?), ref: 00FD95D4
                          • StrokeAndFillPath.GDI32(?,?,010171F7,00000000,?,?,?), ref: 00FD95F0
                          • SelectObject.GDI32(?,00000000), ref: 00FD9603
                          • DeleteObject.GDI32 ref: 00FD9616
                          • StrokePath.GDI32(?), ref: 00FD9631
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Path$ObjectStroke$DeleteFillSelect
                          • String ID:
                          • API String ID: 2625713937-0
                          • Opcode ID: ea526617203c95f48f53449e1aeddf87dbba1333ded96d8446ba345867cd10a6
                          • Instruction ID: f80e624da2290eee8142b708211cd28c7f2fcb9617d255131c3866dc4e674be7
                          • Opcode Fuzzy Hash: ea526617203c95f48f53449e1aeddf87dbba1333ded96d8446ba345867cd10a6
                          • Instruction Fuzzy Hash: 90F08C30109305ABEB324FA5EA0C7653B66FB01372F088314F4A5551E8CB7A8991EF20
                          Function 00FF0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: __freea$_free
                          • String ID: a/p$am/pm
                          • API String ID: 3432400110-3206640213
                          • Opcode ID: 85fdf72daf1dae6a87564b34e0e871f471321f03e0c2560f677e67fc458ccba5
                          • Instruction ID: 72a914e65cc5cf7e90d6e2360b7f7b494bf4834d24f85fcb85d6548846b4ccb1
                          • Opcode Fuzzy Hash: 85fdf72daf1dae6a87564b34e0e871f471321f03e0c2560f677e67fc458ccba5
                          • Instruction Fuzzy Hash: 48D1F132D0420ECADB289F68C855BFAB7B5FF05720F280159EB01AB671D7759D80EB91
                          Function 01047B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FE0242: EnterCriticalSection.KERNEL32(0109070C,01091884,?,?,00FD198B,01092518,?,?,?,00FC12F9,00000000), ref: 00FE024D
                            • Part of subcall function 00FE0242: LeaveCriticalSection.KERNEL32(0109070C,?,00FD198B,01092518,?,?,?,00FC12F9,00000000), ref: 00FE028A
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 00FE00A3: __onexit.LIBCMT ref: 00FE00A9
                          • __Init_thread_footer.LIBCMT ref: 01047BFB
                            • Part of subcall function 00FE01F8: EnterCriticalSection.KERNEL32(0109070C,?,?,00FD8747,01092514), ref: 00FE0202
                            • Part of subcall function 00FE01F8: LeaveCriticalSection.KERNEL32(0109070C,?,00FD8747,01092514), ref: 00FE0235
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                          • String ID: 5$G$Variable must be of type 'Object'.
                          • API String ID: 535116098-3733170431
                          • Opcode ID: 5044f0d6198c39bf3f5b6e1772780f0a4bf61bd72b0c5eccf242f7d56b8a23a7
                          • Instruction ID: c9e2164b68d1e774368cbbd3842d1076a03a47fe38ffc55b5f9706e7d0ca3808
                          • Opcode Fuzzy Hash: 5044f0d6198c39bf3f5b6e1772780f0a4bf61bd72b0c5eccf242f7d56b8a23a7
                          • Instruction Fuzzy Hash: 68918EB1A00209EFCB15EF98D990DADBBB1FF44304F0480ADF9865B291DB71AE45DB51
                          Function 01022716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0102B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010221D0,?,?,00000034,00000800,?,00000034), ref: 0102B42D
                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 01022760
                            • Part of subcall function 0102B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010221FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0102B3F8
                            • Part of subcall function 0102B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0102B355
                            • Part of subcall function 0102B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,01022194,00000034,?,?,00001004,00000000,00000000), ref: 0102B365
                            • Part of subcall function 0102B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,01022194,00000034,?,?,00001004,00000000,00000000), ref: 0102B37B
                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 010227CD
                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0102281A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                          • String ID: @
                          • API String ID: 4150878124-2766056989
                          • Opcode ID: 4e2d67942afb958d3c53ee9e712a54eee62b4f3f2dbe662dcd6aa37c0b1e2986
                          • Instruction ID: 2ff18934a30ca6a78b7bc4e93f5192b1116fb8e91c737d5ed05faaab454efa2c
                          • Opcode Fuzzy Hash: 4e2d67942afb958d3c53ee9e712a54eee62b4f3f2dbe662dcd6aa37c0b1e2986
                          • Instruction Fuzzy Hash: 08412F72900229AFDB10DFA4CD85FDEBBB8EF19700F108095EA95B7180DA716E45CB61
                          Function 00FF172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON
                          Download Yara Rule
                          APIs
                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00FF1769
                          • _free.LIBCMT ref: 00FF1834
                          • _free.LIBCMT ref: 00FF183E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free$FileModuleName
                          • String ID: C:\Users\user\Desktop\file.exe
                          • API String ID: 2506810119-1957095476
                          • Opcode ID: 9df92f6a055baba808c5350048e08a5f0f20f4df1974a71b263d1f85dcb87b21
                          • Instruction ID: 2075f4d73c826e748305919f1afbdd421ed24eab342bef83316e25a03a0c72ad
                          • Opcode Fuzzy Hash: 9df92f6a055baba808c5350048e08a5f0f20f4df1974a71b263d1f85dcb87b21
                          • Instruction Fuzzy Hash: 0B318172E0021CEBDB21EB999D81DAEBBBCFF85360F1441A6F60497221D6754A40EB90
                          Function 0102C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0102C306
                          • DeleteMenu.USER32(?,00000007,00000000), ref: 0102C34C
                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01091990,01115CC0), ref: 0102C395
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$Delete$InfoItem
                          • String ID: 0
                          • API String ID: 135850232-4108050209
                          • Opcode ID: 21cbbf032f2fe9ac569abe3a71c5172b4c1ead7f77f906ea0ec3ba2cc6efad80
                          • Instruction ID: 932fd176a538bfd145a14d7148d12cf9d1caed34f5065f29ab7843383e3990ec
                          • Opcode Fuzzy Hash: 21cbbf032f2fe9ac569abe3a71c5172b4c1ead7f77f906ea0ec3ba2cc6efad80
                          • Instruction Fuzzy Hash: 4041B1712043529FE720DF29D944B6EBBE8AF85310F008A5EF9E5972D1D774EA04CB52
                          Function 01054416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0105CC08,00000000,?,?,?,?), ref: 010544AA
                          • GetWindowLongW.USER32 ref: 010544C7
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 010544D7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Long
                          • String ID: SysTreeView32
                          • API String ID: 847901565-1698111956
                          • Opcode ID: c7feb06b12c225732fc9be489bee18b4429d30318f59d59cc39aa6c79f027d64
                          • Instruction ID: bb06c91960bfbaa25c410d36341b863104c9563076216457b68ab5e3e589c7bf
                          • Opcode Fuzzy Hash: c7feb06b12c225732fc9be489bee18b4429d30318f59d59cc39aa6c79f027d64
                          • Instruction Fuzzy Hash: 65319E31244205ABEFA18E78DC45BDB7BA9EB08338F204715FDB5E21D1EB74E8909B50
                          Function 0104304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0104335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,01043077,?,?), ref: 01043378
                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0104307A
                          • _wcslen.LIBCMT ref: 0104309B
                          • htons.WSOCK32(00000000,?,?,00000000), ref: 01043106
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                          • String ID: 255.255.255.255
                          • API String ID: 946324512-2422070025
                          • Opcode ID: 3421f1a6d43b1c57787d0d44edd3389d98b6a78ea19bd3033320f47d1f5649de
                          • Instruction ID: 5bec164fb2ef510cd8dd5896452e8b6de167e3a13e271a85ead86bc06ed7f792
                          • Opcode Fuzzy Hash: 3421f1a6d43b1c57787d0d44edd3389d98b6a78ea19bd3033320f47d1f5649de
                          • Instruction Fuzzy Hash: 5F31EFB52042119FDB20CF28C5C5EAA7BF0FF14318F2491A9E9958F3A2CB72E941C760
                          Function 01053EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 01053F40
                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 01053F54
                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 01053F78
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$Window
                          • String ID: SysMonthCal32
                          • API String ID: 2326795674-1439706946
                          • Opcode ID: 0449927e36fb89c5e63b3ace5555b906815477471a23d3ae8ce5e568062b90b7
                          • Instruction ID: 06ab2fb12e775e9ea2de5201e8d2733815b938335bde68ab92d50bd7ae7a8691
                          • Opcode Fuzzy Hash: 0449927e36fb89c5e63b3ace5555b906815477471a23d3ae8ce5e568062b90b7
                          • Instruction Fuzzy Hash: 85219F32640219BBEF229E54CC46FEB3BB9FB48754F110254FE95AB1C0D6B5A850DBA0
                          Function 01054653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 01054705
                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 01054713
                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0105471A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$DestroyWindow
                          • String ID: msctls_updown32
                          • API String ID: 4014797782-2298589950
                          • Opcode ID: 9cb0a9cda91d15954b9cb040c5652300088b93ed98701c73f6114b79e4012803
                          • Instruction ID: 1d4e5d2bb6ba4fe52ee7f0981309364fa1e87d3b45bdf5a37cade5141f6f83dd
                          • Opcode Fuzzy Hash: 9cb0a9cda91d15954b9cb040c5652300088b93ed98701c73f6114b79e4012803
                          • Instruction Fuzzy Hash: 1F218CB5604209AFEB51DF68DCC1DAB37EDEB4A3A4B000049FA40DB251DB75EC51CB60
                          Function 010295AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen
                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                          • API String ID: 176396367-2734436370
                          • Opcode ID: 9789a856cc0b79f5ccb7474aa4d6c833bffe4cc75825fd05effa0cc492424339
                          • Instruction ID: fc1cb6f1615fb8270d207ed4b9ae83ef3b34fe7bff00954eb7638a93d72049a7
                          • Opcode Fuzzy Hash: 9789a856cc0b79f5ccb7474aa4d6c833bffe4cc75825fd05effa0cc492424339
                          • Instruction Fuzzy Hash: D621AD3220423166E330BB29DC06FBB73DD9F95308F40402AFAC99B042EB58A941D3D1
                          Function 010537B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 01053840
                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 01053850
                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 01053876
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend$MoveWindow
                          • String ID: Listbox
                          • API String ID: 3315199576-2633736733
                          • Opcode ID: 445ae687424112b40bc90dfb38b8901873ae6871d80b429a6ff34dd828b53559
                          • Instruction ID: a45aabc3409b209e67772be77693ad3c7118574fd750f2033cb9fef94fba0380
                          • Opcode Fuzzy Hash: 445ae687424112b40bc90dfb38b8901873ae6871d80b429a6ff34dd828b53559
                          • Instruction Fuzzy Hash: 1B21C232600218BBEF628E69CC45FBB37AEFF89790F108154FD909B190C676DC5287A0
                          Function 010349F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                          Download Yara Rule
                          APIs
                          • SetErrorMode.KERNEL32(00000001), ref: 01034A08
                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 01034A5C
                          • SetErrorMode.KERNEL32(00000000,?,?,0105CC08), ref: 01034AD0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorMode$InformationVolume
                          • String ID: %lu
                          • API String ID: 2507767853-685833217
                          • Opcode ID: f1ec5e98b3a26af9f77a6649fdc55a4342af8f1f3c6a3416cc2b70674ae6047b
                          • Instruction ID: 5878fce4d41e3be044c3b470a421674c57d96c8aa98b4be13f0690141eae28eb
                          • Opcode Fuzzy Hash: f1ec5e98b3a26af9f77a6649fdc55a4342af8f1f3c6a3416cc2b70674ae6047b
                          • Instruction Fuzzy Hash: 7E315E71A00209AFDB10DF54C985EAA7BF8EF48308F1480A9E949DF252D775ED46CB61
                          Function 010541EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0105424F
                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01054264
                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01054271
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID: msctls_trackbar32
                          • API String ID: 3850602802-1010561917
                          • Opcode ID: 7ae7705aeb16db7a903e6b66cb8ce6bdbb28850fc3a3e9dfb30adb743840aea6
                          • Instruction ID: c88558bb840f3568a585a652880a106d19109d9b477f517bb18787fbf7f4f156
                          • Opcode Fuzzy Hash: 7ae7705aeb16db7a903e6b66cb8ce6bdbb28850fc3a3e9dfb30adb743840aea6
                          • Instruction Fuzzy Hash: 7511C631240348BEEF615E69CC46FEB3BACEF85B64F114514FE95E6090D271D8519B24
                          Function 01022F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC6B57: _wcslen.LIBCMT ref: 00FC6B6A
                            • Part of subcall function 01022DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01022DC5
                            • Part of subcall function 01022DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 01022DD6
                            • Part of subcall function 01022DA7: GetCurrentThreadId.KERNEL32 ref: 01022DDD
                            • Part of subcall function 01022DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01022DE4
                          • GetFocus.USER32 ref: 01022F78
                            • Part of subcall function 01022DEE: GetParent.USER32(00000000), ref: 01022DF9
                          • GetClassNameW.USER32(?,?,00000100), ref: 01022FC3
                          • EnumChildWindows.USER32(?,0102303B), ref: 01022FEB
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                          • String ID: %s%d
                          • API String ID: 1272988791-1110647743
                          • Opcode ID: 09d92d404c98d90540864b93d3f1c40ef5ef360e474cf10b07f70ca5fe1f88bd
                          • Instruction ID: 7e4952978d914b6301455869c4a395c666c96c15059a7a269833931186906646
                          • Opcode Fuzzy Hash: 09d92d404c98d90540864b93d3f1c40ef5ef360e474cf10b07f70ca5fe1f88bd
                          • Instruction Fuzzy Hash: 3811D2716002166BDF50BFB48DD5EEE37AAAF98304F044079FD499B242DE3899098B70
                          Function 01055882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010558C1
                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010558EE
                          • DrawMenuBar.USER32(?), ref: 010558FD
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Menu$InfoItem$Draw
                          • String ID: 0
                          • API String ID: 3227129158-4108050209
                          • Opcode ID: f9805f4cf8896764070cc4c4e4f083f8085c3467dd3d69ba513d29eb5c14b2cb
                          • Instruction ID: 1dd77153000ad00130a6ac6b7b6de0376c3faaba2fb4673c87f4f1933ce12a6d
                          • Opcode Fuzzy Hash: f9805f4cf8896764070cc4c4e4f083f8085c3467dd3d69ba513d29eb5c14b2cb
                          • Instruction Fuzzy Hash: B2016131500218AFDB619F55DC44BAFBBB9FB45364F048099E889D6251DB348A84DF61
                          Function 0101D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0101D3BF
                          • FreeLibrary.KERNEL32 ref: 0101D3E5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: AddressFreeLibraryProc
                          • String ID: GetSystemWow64DirectoryW$X64
                          • API String ID: 3013587201-2590602151
                          • Opcode ID: d7ed90a4c88483248fbe65d84a97ea4b3c379c573aade55f8c2c05c19f54bede
                          • Instruction ID: b6dfd4901c6b8ff6e9a1d4726e2b34e6ca786d8105251167d40b9e8a623aff27
                          • Opcode Fuzzy Hash: d7ed90a4c88483248fbe65d84a97ea4b3c379c573aade55f8c2c05c19f54bede
                          • Instruction Fuzzy Hash: 3AF05C7200531197E7B452548C9C9AE3718BF12715F44C18AE0D3F104DCB3CC540C785
                          Function 0102007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d8ea02057f1d6a30876e026698e005257b356104e48ac8180fce1b5fb07204a8
                          • Instruction ID: 0be4515f94894a95ba8bd3b87cb365e250b41f67b7cd48a451182c11181d5197
                          • Opcode Fuzzy Hash: d8ea02057f1d6a30876e026698e005257b356104e48ac8180fce1b5fb07204a8
                          • Instruction Fuzzy Hash: E3C15B75A0021AEFDB14CFA8C884AAEBBB9FF48704F208599F545EB255D731ED41CB90
                          Function 00FF3E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: __alldvrm$_strrchr
                          • String ID:
                          • API String ID: 1036877536-0
                          • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                          • Instruction ID: 2b7027e846b0f6f2f0bc2e31333edb290ec2d9565d66f1d30de4da68da649eef
                          • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                          • Instruction Fuzzy Hash: A8A15972D0038A9FEB26DF18C8917BFBBE4EF61360F14416DE6859B2A1C638A941D750
                          Function 0104342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Variant$ClearInitInitializeUninitialize
                          • String ID:
                          • API String ID: 1998397398-0
                          • Opcode ID: a2cfc0b9437dc35485a4fb7fd11c44ef9c77a577c1256525d5b6846c31e76420
                          • Instruction ID: 368889bcebccb9c232afd57efd910653a6b9d96022c1082003f9aa9ae1d6716a
                          • Opcode Fuzzy Hash: a2cfc0b9437dc35485a4fb7fd11c44ef9c77a577c1256525d5b6846c31e76420
                          • Instruction Fuzzy Hash: D7A137752043119FD710EF28C985A2ABBE5FF88314F08885DF98A9B361DB35ED01DB91
                          Function 01020436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                          Download Yara Rule
                          APIs
                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0105FC08,?), ref: 010205F0
                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0105FC08,?), ref: 01020608
                          • CLSIDFromProgID.OLE32(?,?,00000000,0105CC40,000000FF,?,00000000,00000800,00000000,?,0105FC08,?), ref: 0102062D
                          • _memcmp.LIBVCRUNTIME ref: 0102064E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FromProg$FreeTask_memcmp
                          • String ID:
                          • API String ID: 314563124-0
                          • Opcode ID: 497965705cadaef097f8ae0f0781ec86a54b8c01d7717c07b43586492d41f4d3
                          • Instruction ID: ced5567843407ee112d180f357f685bed23cf182342c689d18a3009ad9bc2e97
                          • Opcode Fuzzy Hash: 497965705cadaef097f8ae0f0781ec86a54b8c01d7717c07b43586492d41f4d3
                          • Instruction Fuzzy Hash: 25815071A00219EFCB04DF94C988EEEB7B9FF89315F204598F546AB254DB71AE05CB60
                          Function 01001391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _free
                          • String ID:
                          • API String ID: 269201875-0
                          • Opcode ID: 16f4e7bbcc624e7e38a175060307fa565d2244ab36bf163ae5a356292f90efd2
                          • Instruction ID: 6a91ccc7e237350db23c32672a40b31e5b8034d3b18d9b90e40751d17e4e44a4
                          • Opcode Fuzzy Hash: 16f4e7bbcc624e7e38a175060307fa565d2244ab36bf163ae5a356292f90efd2
                          • Instruction Fuzzy Hash: F0414631A00205ABFB23AABD8C45BBE3AE4EF41330F154265F658971E2EF79C4416262
                          Function 01056278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                          Download Yara Rule
                          APIs
                          • GetWindowRect.USER32(?,?), ref: 010562E2
                          • ScreenToClient.USER32(?,?), ref: 01056315
                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01056382
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ClientMoveRectScreen
                          • String ID:
                          • API String ID: 3880355969-0
                          • Opcode ID: f3eeabe7fce9bb70d79d3acbab7432df873b0add823de7b7d481e6a8e0d3f658
                          • Instruction ID: 5fc9d20a75f183dc8af542d1b241d03fc14bea7e21bf80b713219b8c9ce26f9f
                          • Opcode Fuzzy Hash: f3eeabe7fce9bb70d79d3acbab7432df873b0add823de7b7d481e6a8e0d3f658
                          • Instruction Fuzzy Hash: D5515C70A00209EFDFA1CF58D980AAF7BF5FB45360F508199F9959B292D732E981CB50
                          Function 01041AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON
                          Download Yara Rule
                          APIs
                          • socket.WSOCK32(00000002,00000002,00000011), ref: 01041AFD
                          • WSAGetLastError.WSOCK32 ref: 01041B0B
                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 01041B8A
                          • WSAGetLastError.WSOCK32 ref: 01041B94
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorLast$socket
                          • String ID:
                          • API String ID: 1881357543-0
                          • Opcode ID: 523e3bbc49d36204cfa832cf857e87874d2089ae518867c0d81bf65e184ab8c4
                          • Instruction ID: e4cb7a9ca8c49f5e35b1a517a4c62c4f1450491dddf1b88055fcf5c0fbba57a5
                          • Opcode Fuzzy Hash: 523e3bbc49d36204cfa832cf857e87874d2089ae518867c0d81bf65e184ab8c4
                          • Instruction Fuzzy Hash: AF41B2746003016FE720AF24C986F2A7BE5AB44718F54849CFA5A9F3C2D676ED818B90
                          Function 00FFB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3fce14e6c8cafb1f75b4031ec118ba4a736ec5ed3e97d914e410b5da28e9559c
                          • Instruction ID: 64117a5a64c19083e338ed2d629bb6943907866e0835a3db4990418b31168776
                          • Opcode Fuzzy Hash: 3fce14e6c8cafb1f75b4031ec118ba4a736ec5ed3e97d914e410b5da28e9559c
                          • Instruction Fuzzy Hash: 96410B76900748AFD724DF38CC41BBA7BA9EF84720F10452AF251DB691D77599019B90
                          Function 010356D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                          Download Yara Rule
                          APIs
                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 01035783
                          • GetLastError.KERNEL32(?,00000000), ref: 010357A9
                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 010357CE
                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 010357FA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateHardLink$DeleteErrorFileLast
                          • String ID:
                          • API String ID: 3321077145-0
                          • Opcode ID: 1b484912ae6a401dde589ccb686ef490d13793cfd00427af1a97614fea848075
                          • Instruction ID: fe1c1b41a3ff22f704ceade936c011008234925befbc3e0839f21a69175582d1
                          • Opcode Fuzzy Hash: 1b484912ae6a401dde589ccb686ef490d13793cfd00427af1a97614fea848075
                          • Instruction Fuzzy Hash: 7B414F39600611DFCB11EF15C945A5EBBE5EF89320B188888E84A6B366CB35FD01DF91
                          Function 00FFD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                          Download Yara Rule
                          APIs
                          • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00FE6D71,00000000,00000000,00FE82D9,?,00FE82D9,?,00000001,00FE6D71,8BE85006,00000001,00FE82D9,00FE82D9), ref: 00FFD910
                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FFD999
                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00FFD9AB
                          • __freea.LIBCMT ref: 00FFD9B4
                            • Part of subcall function 00FF3820: RtlAllocateHeap.NTDLL(00000000,?,01091444,?,00FDFDF5,?,?,00FCA976,00000010,01091440,00FC13FC,?,00FC13C6,?,00FC1129), ref: 00FF3852
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                          • String ID:
                          • API String ID: 2652629310-0
                          • Opcode ID: 7c62f54f5a8de592c0e94589bbf6ffb18401886169a6a0a57e3b2dc770f66687
                          • Instruction ID: 95f72d93f5b0d77c6d0ba962940be430b4958368d00eb7fc78f532c981e887db
                          • Opcode Fuzzy Hash: 7c62f54f5a8de592c0e94589bbf6ffb18401886169a6a0a57e3b2dc770f66687
                          • Instruction Fuzzy Hash: E631CE72A0020EABDB259FA5DC45EBE7BA6EF41760F050168FD04D6160EB79CD50EBA0
                          Function 0102AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON
                          Download Yara Rule
                          APIs
                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0102AAAC
                          • SetKeyboardState.USER32(00000080), ref: 0102AAC8
                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0102AB36
                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0102AB88
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: KeyboardState$InputMessagePostSend
                          • String ID:
                          • API String ID: 432972143-0
                          • Opcode ID: 7c9c10074833e02d3242985475d368452044fda7086bd36f84ff0dde66d71398
                          • Instruction ID: a0225fc4290b8eca5e7a3b2a1e1b556d79d9620eb2e80f081cd7ed1188fb4fe6
                          • Opcode Fuzzy Hash: 7c9c10074833e02d3242985475d368452044fda7086bd36f84ff0dde66d71398
                          • Instruction Fuzzy Hash: EE312A30B40328EEFF368A68C808BFE7BEAAF44310F04469AE5C5579D2DB758585C761
                          Function 010552C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 01055352
                          • GetWindowLongW.USER32(?,000000F0), ref: 01055375
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01055382
                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010553A8
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LongWindow$InvalidateMessageRectSend
                          • String ID:
                          • API String ID: 3340791633-0
                          • Opcode ID: 25df0896bd9a1899cc8938fd4415a52a2aed18be82e6fe8c311760f3de133bb2
                          • Instruction ID: 75d9220f64e9d5312b9a40fc3f2db3631ab8a75c69c2fff6ea8951b67a38564c
                          • Opcode Fuzzy Hash: 25df0896bd9a1899cc8938fd4415a52a2aed18be82e6fe8c311760f3de133bb2
                          • Instruction Fuzzy Hash: 4731C434A55208EFFBF48E58CC05BEA3BA5AB04350F48C151FED9961D2C7B5AA80DB52
                          Function 01057674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
                          Download Yara Rule
                          APIs
                          • ClientToScreen.USER32(?,?), ref: 0105769A
                          • GetWindowRect.USER32(?,?), ref: 01057710
                          • PtInRect.USER32(?,?,01058B89), ref: 01057720
                          • MessageBeep.USER32(00000000), ref: 0105778C
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Rect$BeepClientMessageScreenWindow
                          • String ID:
                          • API String ID: 1352109105-0
                          • Opcode ID: f09d56f59c9ff5a3f38d71bd459fbc3da64c5a7386018102f806a79267300f0e
                          • Instruction ID: 92597dc3a88f82dcd8e082462c71cd736eab5585e7cafac1fc1f805499611316
                          • Opcode Fuzzy Hash: f09d56f59c9ff5a3f38d71bd459fbc3da64c5a7386018102f806a79267300f0e
                          • Instruction Fuzzy Hash: 9B41BF34601209EFDB92CF58E498EAA7BF4FF49314F4440E8E9949B255C331E941DF90
                          Function 010516DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                          Download Yara Rule
                          APIs
                          • GetForegroundWindow.USER32 ref: 010516EB
                            • Part of subcall function 01023A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01023A57
                            • Part of subcall function 01023A3D: GetCurrentThreadId.KERNEL32 ref: 01023A5E
                            • Part of subcall function 01023A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010225B3), ref: 01023A65
                          • GetCaretPos.USER32(?), ref: 010516FF
                          • ClientToScreen.USER32(00000000,?), ref: 0105174C
                          • GetForegroundWindow.USER32 ref: 01051752
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                          • String ID:
                          • API String ID: 2759813231-0
                          • Opcode ID: e8b09edd048a90120d70e915cd38147c59c728113f29a21cbe6bc7cc7bc87b01
                          • Instruction ID: 74d5596b3c1afd704519a167e9108fd4e795d8607ad56c0d76387b92443108b9
                          • Opcode Fuzzy Hash: e8b09edd048a90120d70e915cd38147c59c728113f29a21cbe6bc7cc7bc87b01
                          • Instruction Fuzzy Hash: C7313D75D00249AFDB00EFA9C981DAEBBFDFF48204B5080AEE455E7201DB359E45CBA0
                          Function 0102DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC7620: _wcslen.LIBCMT ref: 00FC7625
                          • _wcslen.LIBCMT ref: 0102DFCB
                          • _wcslen.LIBCMT ref: 0102DFE2
                          • _wcslen.LIBCMT ref: 0102E00D
                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0102E018
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$ExtentPoint32Text
                          • String ID:
                          • API String ID: 3763101759-0
                          • Opcode ID: b14a38c68f9f60ae0c10a0a4f6ba7984d2fc90e551289c3ff105194e47661ecd
                          • Instruction ID: 95201a1699ac5e59035073880438aead9c692ea35cef33e9dd9c81587580b677
                          • Opcode Fuzzy Hash: b14a38c68f9f60ae0c10a0a4f6ba7984d2fc90e551289c3ff105194e47661ecd
                          • Instruction Fuzzy Hash: 3C21D371900224AFCB219FA8DD81BAEB7F8EF45710F1440A9F944BB246D6789E418BA1
                          Function 0102D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
                          Download Yara Rule
                          APIs
                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0102D501
                          • Process32FirstW.KERNEL32(00000000,?), ref: 0102D50F
                          • Process32NextW.KERNEL32(00000000,?), ref: 0102D52F
                          • CloseHandle.KERNEL32(00000000), ref: 0102D5DC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                          • String ID:
                          • API String ID: 420147892-0
                          • Opcode ID: 87785cd84a07750652cd7b855da0f3c8726dd876c64c514e965dd427adf097ca
                          • Instruction ID: 4ac19863c4035e404f2df8e501405690e7404e1df3513f453d907ed129bda6dd
                          • Opcode Fuzzy Hash: 87785cd84a07750652cd7b855da0f3c8726dd876c64c514e965dd427adf097ca
                          • Instruction Fuzzy Hash: B5319E710083019FD311EF54C986EAFBBE8EF99344F54092DF581821A1EBB5A948CBA2
                          Function 01058FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • GetCursorPos.USER32(?), ref: 01059001
                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,01017711,?,?,?,?,?), ref: 01059016
                          • GetCursorPos.USER32(?), ref: 0105905E
                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,01017711,?,?,?), ref: 01059094
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                          • String ID:
                          • API String ID: 2864067406-0
                          • Opcode ID: 165e5bd2c6c2dfdc839487b4c4f87bfb2c87773b7afd48686e2383070e96c7cd
                          • Instruction ID: 9cb118b69f2858dfe64353258ea2cbfc61af8ae51feef5f4e46cb83b6f38884d
                          • Opcode Fuzzy Hash: 165e5bd2c6c2dfdc839487b4c4f87bfb2c87773b7afd48686e2383070e96c7cd
                          • Instruction Fuzzy Hash: 51219135600118FFEB658F98C858EEB7BF9FB49364F044495FA8547251C3369990EB60
                          Function 0102D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                          Download Yara Rule
                          APIs
                          • GetFileAttributesW.KERNEL32(?,0105CB68), ref: 0102D2FB
                          • GetLastError.KERNEL32 ref: 0102D30A
                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 0102D319
                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0105CB68), ref: 0102D376
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateDirectory$AttributesErrorFileLast
                          • String ID:
                          • API String ID: 2267087916-0
                          • Opcode ID: c047456eb4460d8440e0a095579aed3bd29f15526f4fecf3062275dbbf764add
                          • Instruction ID: 1344b874547442a1576d1a4ef7a4fc1fd9ad3a15001eb148874b79e7d709b27e
                          • Opcode Fuzzy Hash: c047456eb4460d8440e0a095579aed3bd29f15526f4fecf3062275dbbf764add
                          • Instruction Fuzzy Hash: 3221D1705083129F9310DF68C9858AF7BE8EE56364F108A5DF4D9C7291D731DD49CB92
                          Function 01021571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 01021014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0102102A
                            • Part of subcall function 01021014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01021036
                            • Part of subcall function 01021014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01021045
                            • Part of subcall function 01021014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0102104C
                            • Part of subcall function 01021014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01021062
                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 010215BE
                          • _memcmp.LIBVCRUNTIME ref: 010215E1
                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01021617
                          • HeapFree.KERNEL32(00000000), ref: 0102161E
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                          • String ID:
                          • API String ID: 1592001646-0
                          • Opcode ID: c1cb4f38e629f7c7f297ea23309b30e65607bdb136d445d24408a1464e6fc85f
                          • Instruction ID: 4aaed2ca57ea1de82ab5bc9df9d8903ce51dbf1e67dfd44da2d91b179c47b79e
                          • Opcode Fuzzy Hash: c1cb4f38e629f7c7f297ea23309b30e65607bdb136d445d24408a1464e6fc85f
                          • Instruction Fuzzy Hash: 27219031E00219EFDF10CFA8C948BEEBBF8EF44354F184499E585A7240D735AA05CB50
                          Function 01052782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                          Download Yara Rule
                          APIs
                          • GetWindowLongW.USER32(?,000000EC), ref: 0105280A
                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01052824
                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01052832
                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 01052840
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Long$AttributesLayered
                          • String ID:
                          • API String ID: 2169480361-0
                          • Opcode ID: d075b4d61a0012dcc0d4b8d7141a7573d085e16f16092c1ee393b11436418eb3
                          • Instruction ID: 969c488644234ff1612b2d200b38514a0113b624c96965310aeeb23e8eb14cff
                          • Opcode Fuzzy Hash: d075b4d61a0012dcc0d4b8d7141a7573d085e16f16092c1ee393b11436418eb3
                          • Instruction Fuzzy Hash: D321F135205211EFE754DB24C845FAB7B99EF45328F148158F8A68B6D2C776EC82C7D0
                          Function 0103CE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON
                          Download Yara Rule
                          APIs
                          • InternetReadFile.WININET(?,?,00000400,?), ref: 0103CE89
                          • GetLastError.KERNEL32(?,00000000), ref: 0103CEEA
                          • SetEvent.KERNEL32(?,?,00000000), ref: 0103CEFE
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorEventFileInternetLastRead
                          • String ID:
                          • API String ID: 234945975-0
                          • Opcode ID: bdd58702b5b516df6bf66be87b0dd4ee23bd6a40b143a8bac5a7e6810c677641
                          • Instruction ID: 44b7f7579f2d4e06348de63256a94043e59647406c2f26f0fb0a2c3fe8bfac48
                          • Opcode Fuzzy Hash: bdd58702b5b516df6bf66be87b0dd4ee23bd6a40b143a8bac5a7e6810c677641
                          • Instruction Fuzzy Hash: 6721BD715003059FF730DF69CA48BABBBFCEB80354F10445EE686E2142E775EA048B60
                          Function 010278F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 01028D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0102790A,?,000000FF,?,01028754,00000000,?,0000001C,?,?), ref: 01028D8C
                            • Part of subcall function 01028D7D: lstrcpyW.KERNEL32(00000000,?,?,0102790A,?,000000FF,?,01028754,00000000,?,0000001C,?,?,00000000), ref: 01028DB2
                            • Part of subcall function 01028D7D: lstrcmpiW.KERNEL32(00000000,?,0102790A,?,000000FF,?,01028754,00000000,?,0000001C,?,?), ref: 01028DE3
                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,01028754,00000000,?,0000001C,?,?,00000000), ref: 01027923
                          • lstrcpyW.KERNEL32(00000000,?,?,01028754,00000000,?,0000001C,?,?,00000000), ref: 01027949
                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,01028754,00000000,?,0000001C,?,?,00000000), ref: 01027984
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: lstrcmpilstrcpylstrlen
                          • String ID: cdecl
                          • API String ID: 4031866154-3896280584
                          • Opcode ID: d8729430ea854891552c3236cd56787a13853f106cc3852cd0d5c75d69bf7120
                          • Instruction ID: 9f66daf7eea92931e9821e607a35c2677ff5576a14c3dc461593b09c14d85b08
                          • Opcode Fuzzy Hash: d8729430ea854891552c3236cd56787a13853f106cc3852cd0d5c75d69bf7120
                          • Instruction Fuzzy Hash: 4C11293A300312ABDB256F38C844D7B77E9FF55350B00402AF986CB364EB329801C751
                          Function 01057CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                          Download Yara Rule
                          APIs
                          • GetWindowLongW.USER32(?,000000F0), ref: 01057D0B
                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 01057D2A
                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 01057D42
                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0103B7AD,00000000), ref: 01057D6B
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$Long
                          • String ID:
                          • API String ID: 847901565-0
                          • Opcode ID: 6aa202f2e4f395b91c94108beebf1694692ab58a051640b7a280bc0d67b50cea
                          • Instruction ID: 15fb8d309dce822ab707f8654a5ec2c256ccb40bfd056269c540bc355ccd2e8a
                          • Opcode Fuzzy Hash: 6aa202f2e4f395b91c94108beebf1694692ab58a051640b7a280bc0d67b50cea
                          • Instruction Fuzzy Hash: 3B11F032200615AFDBA09F2CCC04A6B3BA9FB45370B514324FDB5C72E0D7328950EB60
                          Function 01055660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 010556BB
                          • _wcslen.LIBCMT ref: 010556CD
                          • _wcslen.LIBCMT ref: 010556D8
                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 01055816
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend_wcslen
                          • String ID:
                          • API String ID: 455545452-0
                          • Opcode ID: 1bd50cc5b6b2fc972b0336d0cf3676c078ababbcfc0c3386a102632e1a637890
                          • Instruction ID: 1951424a5522d1f7367a65529bb7afd98e7c3932238886d7b7cf6391b552d276
                          • Opcode Fuzzy Hash: 1bd50cc5b6b2fc972b0336d0cf3676c078ababbcfc0c3386a102632e1a637890
                          • Instruction Fuzzy Hash: 7B11B17160020996EFA09FA5DC85AEF7BBCFF05764B00406AFE95D6081EB749640CFB0
                          Function 00FF1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9b577ea4a5336fe58e94fb5bbe37f0b19b4488d1be7559db51e842f0172434dd
                          • Instruction ID: 937ae52759bccefeb728a6163fed1d97d0d43bd02996e3abe81b1c76373d7e84
                          • Opcode Fuzzy Hash: 9b577ea4a5336fe58e94fb5bbe37f0b19b4488d1be7559db51e842f0172434dd
                          • Instruction Fuzzy Hash: A801ADB260A61EBEF72125786CC0F3B762DEF423B8B340329F721A11E5DB658C007264
                          Function 01021A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(?,000000B0,?,?), ref: 01021A47
                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01021A59
                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01021A6F
                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01021A8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 4189b309e5a76ac91201e5b46e8f98ace0ddba22304051c9ed3839c94d0bd66c
                          • Instruction ID: ff4a8a493b0f23d017302b36c77e9dbaffa0023c145c5dd4c44da214b08c8f70
                          • Opcode Fuzzy Hash: 4189b309e5a76ac91201e5b46e8f98ace0ddba22304051c9ed3839c94d0bd66c
                          • Instruction Fuzzy Hash: F9110C3AD00229FFEB11DBA5C985FADFBB8FB08750F200091E644B7290D6716E51DB94
                          Function 0102E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentThreadId.KERNEL32 ref: 0102E1FD
                          • MessageBoxW.USER32(?,?,?,?), ref: 0102E230
                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0102E246
                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0102E24D
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                          • String ID:
                          • API String ID: 2880819207-0
                          • Opcode ID: f9ea8a2516c003674340cc0f445045619a2605dd3e8e5cca68ab7f656b50fb85
                          • Instruction ID: 19767be8447e59052059ec416c8d4a70fa739453ac8cb91361acf3b851964a2e
                          • Opcode Fuzzy Hash: f9ea8a2516c003674340cc0f445045619a2605dd3e8e5cca68ab7f656b50fb85
                          • Instruction Fuzzy Hash: 0D110C71A04359BFD7119FA8DD09A9F7FACEB46220F008255F955E3284D2B589048760
                          Function 00FED1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                          Download Yara Rule
                          APIs
                          • CreateThread.KERNEL32(00000000,?,00FECFF9,00000000,00000004,00000000), ref: 00FED218
                          • GetLastError.KERNEL32 ref: 00FED224
                          • __dosmaperr.LIBCMT ref: 00FED22B
                          • ResumeThread.KERNEL32(00000000), ref: 00FED249
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                          • String ID:
                          • API String ID: 173952441-0
                          • Opcode ID: a0a906d888b03a6a9feae11351f587239bd0c1452d511eb86f41f039444e9b57
                          • Instruction ID: 81b0b14119ce1ade1e71acfa9d3b4be365ea80f3cc04aadcae8f3cc528956beb
                          • Opcode Fuzzy Hash: a0a906d888b03a6a9feae11351f587239bd0c1452d511eb86f41f039444e9b57
                          • Instruction Fuzzy Hash: 2201F936805288BBD7215BA7DC05BAF7B6DDF81730F104259FA25925D0DF75C901E7A0
                          Function 01059EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FD9BB2
                          • GetClientRect.USER32(?,?), ref: 01059F31
                          • GetCursorPos.USER32(?), ref: 01059F3B
                          • ScreenToClient.USER32(?,?), ref: 01059F46
                          • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 01059F7A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Client$CursorLongProcRectScreenWindow
                          • String ID:
                          • API String ID: 4127811313-0
                          • Opcode ID: d3632bef8d7902ad8f8f9652160fe65fc2156b407aa45b9efb2c170c820036fa
                          • Instruction ID: 33bf72fc92ada6eeb5889cbfeca81846409367af6cb81b17fd5210bfec25f3e6
                          • Opcode Fuzzy Hash: d3632bef8d7902ad8f8f9652160fe65fc2156b407aa45b9efb2c170c820036fa
                          • Instruction Fuzzy Hash: B011483290021AEBDF50DFA8C8899EF7BB9FB45315F400451F981E3140D335BA81CBA1
                          Function 00FC600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                          Download Yara Rule
                          APIs
                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FC604C
                          • GetStockObject.GDI32(00000011), ref: 00FC6060
                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FC606A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CreateMessageObjectSendStockWindow
                          • String ID:
                          • API String ID: 3970641297-0
                          • Opcode ID: d3b6800dd71f4fb2895a796615c03272c5c64b961f93071839f1ddc207d10459
                          • Instruction ID: 72f97511b8928669d90ae0f5f50cb3a71bde366d758f9ceb99b4658fb9ad0cdc
                          • Opcode Fuzzy Hash: d3b6800dd71f4fb2895a796615c03272c5c64b961f93071839f1ddc207d10459
                          • Instruction Fuzzy Hash: C3118E7250560ABFEF224F948D45FEA7B6DFF08364F000115FA04A2000C7369C60ABA0
                          Function 00FE3B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • ___BuildCatchObject.LIBVCRUNTIME ref: 00FE3B56
                            • Part of subcall function 00FE3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00FE3AD2
                            • Part of subcall function 00FE3AA3: ___AdjustPointer.LIBCMT ref: 00FE3AED
                          • _UnwindNestedFrames.LIBCMT ref: 00FE3B6B
                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00FE3B7C
                          • CallCatchBlock.LIBVCRUNTIME ref: 00FE3BA4
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                          • String ID:
                          • API String ID: 737400349-0
                          • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                          • Instruction ID: 825e645a79ac3ece8169eb8bd2b9bb841a3d90a7b004d782c84c51b6eb440ce7
                          • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                          • Instruction Fuzzy Hash: 54014032500189BBDF125E96CC4ADEB3F6DFF88754F044058FE4896121C736E961EBA0
                          Function 00FF3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00FC13C6,00000000,00000000,?,00FF301A,00FC13C6,00000000,00000000,00000000,?,00FF328B,00000006,FlsSetValue), ref: 00FF30A5
                          • GetLastError.KERNEL32(?,00FF301A,00FC13C6,00000000,00000000,00000000,?,00FF328B,00000006,FlsSetValue,01062290,FlsSetValue,00000000,00000364,?,00FF2E46), ref: 00FF30B1
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FF301A,00FC13C6,00000000,00000000,00000000,?,00FF328B,00000006,FlsSetValue,01062290,FlsSetValue,00000000), ref: 00FF30BF
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID:
                          • API String ID: 3177248105-0
                          • Opcode ID: 490e0acce2951e960d81eca62ebae9fc92611ae47bde9cd0752e64fe68f818ed
                          • Instruction ID: ee839804e09a3a17c0992c15271db26ffd4542258e3810f8f482ae826047071b
                          • Opcode Fuzzy Hash: 490e0acce2951e960d81eca62ebae9fc92611ae47bde9cd0752e64fe68f818ed
                          • Instruction Fuzzy Hash: A001473270132AABDB304A789C44E777B9CEF05BB4B100621FA45E3254DF26DA01D7E0
                          Function 01027464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0102747F
                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 01027497
                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 010274AC
                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 010274CA
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Type$Register$FileLoadModuleNameUser
                          • String ID:
                          • API String ID: 1352324309-0
                          • Opcode ID: d9a39f48b92bd5da6b08e0daf04a04bd3f6bcdabd479b32c4a02181bf0e42304
                          • Instruction ID: 7556b7f3a5663cf406e144fc6d14467fa2bdd21451dc824e94253858fc94a8b4
                          • Opcode Fuzzy Hash: d9a39f48b92bd5da6b08e0daf04a04bd3f6bcdabd479b32c4a02181bf0e42304
                          • Instruction Fuzzy Hash: FE118BB5201320ABF7308F14DD08FA67FFCEB00B04F008569E696D6181DBB5E904CBA1
                          Function 0102B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                          Download Yara Rule
                          APIs
                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0102ACD3,?,00008000), ref: 0102B0C4
                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0102ACD3,?,00008000), ref: 0102B0E9
                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0102ACD3,?,00008000), ref: 0102B0F3
                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0102ACD3,?,00008000), ref: 0102B126
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CounterPerformanceQuerySleep
                          • String ID:
                          • API String ID: 2875609808-0
                          • Opcode ID: 41b710229045498fe8d2c086e41581933501d69b05225a73cf4e7345f68cae6c
                          • Instruction ID: fb33b0d7d1e937f922553ee362e5017bfaad3eb9243538435023be46324feaee
                          • Opcode Fuzzy Hash: 41b710229045498fe8d2c086e41581933501d69b05225a73cf4e7345f68cae6c
                          • Instruction Fuzzy Hash: 58113931C01629E7DF11AFE4E9986EEBFB8FF0A711F504086E981B2285CB3996508B55
                          Function 01057E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                          Download Yara Rule
                          APIs
                          • GetWindowRect.USER32(?,?), ref: 01057E33
                          • ScreenToClient.USER32(?,?), ref: 01057E4B
                          • ScreenToClient.USER32(?,?), ref: 01057E6F
                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01057E8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClientRectScreen$InvalidateWindow
                          • String ID:
                          • API String ID: 357397906-0
                          • Opcode ID: 4066c0b740e7ae955e46f5a6b9751c24b9ca1fe3610084a0b223e03a3f8fe276
                          • Instruction ID: e568d8caa0eba89b78b4cf4b64daced9c4eae3c38b3658fac0352487cdefa7a7
                          • Opcode Fuzzy Hash: 4066c0b740e7ae955e46f5a6b9751c24b9ca1fe3610084a0b223e03a3f8fe276
                          • Instruction Fuzzy Hash: 7F1142B9D0020AAFDB51CF98C584AEEBBF9FF08310F509066E955E3214D735AA54DF90
                          Function 01022DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01022DC5
                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 01022DD6
                          • GetCurrentThreadId.KERNEL32 ref: 01022DDD
                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01022DE4
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                          • String ID:
                          • API String ID: 2710830443-0
                          • Opcode ID: 260dfbdfd573fb5f368c6ec1a7b8305734f0ba2320755eca3cc79f3630907840
                          • Instruction ID: 0e7c5c3577205f400a5fbc757875344ff7bb0714b850363c8c621912150291eb
                          • Opcode Fuzzy Hash: 260dfbdfd573fb5f368c6ec1a7b8305734f0ba2320755eca3cc79f3630907840
                          • Instruction Fuzzy Hash: 39E092721013347BE7302AB69D0DFEB3EACEF47BA1F000015F245D50809AAAD540C7B0
                          Function 01058863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FD9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FD9693
                            • Part of subcall function 00FD9639: SelectObject.GDI32(?,00000000), ref: 00FD96A2
                            • Part of subcall function 00FD9639: BeginPath.GDI32(?), ref: 00FD96B9
                            • Part of subcall function 00FD9639: SelectObject.GDI32(?,00000000), ref: 00FD96E2
                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 01058887
                          • LineTo.GDI32(?,?,?), ref: 01058894
                          • EndPath.GDI32(?), ref: 010588A4
                          • StrokePath.GDI32(?), ref: 010588B2
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                          • String ID:
                          • API String ID: 1539411459-0
                          • Opcode ID: e9694a11348cabed0155245296ab43b4f821a0eac7eab300386823e10652c3c5
                          • Instruction ID: f572d8dd77a1b462a595137e8a792507b533477bfaec4c1637ede9a3f07d33ab
                          • Opcode Fuzzy Hash: e9694a11348cabed0155245296ab43b4f821a0eac7eab300386823e10652c3c5
                          • Instruction Fuzzy Hash: C2F09A36001319BAEB222E94AD09FCB3F5DAF06320F048001FE91610C5C3BA5110CBA9
                          Function 00FD98B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                          Download Yara Rule
                          APIs
                          • GetSysColor.USER32(00000008), ref: 00FD98CC
                          • SetTextColor.GDI32(?,?), ref: 00FD98D6
                          • SetBkMode.GDI32(?,00000001), ref: 00FD98E9
                          • GetStockObject.GDI32(00000005), ref: 00FD98F1
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Color$ModeObjectStockText
                          • String ID:
                          • API String ID: 4037423528-0
                          • Opcode ID: 72b96a4842e01d3b19c37d29bd6070caca7da94282854eeefea9bdeeba8c96cb
                          • Instruction ID: d49cabd6abcf88491c97ae853327cc0aa9056cf820c501841a6239c1f1409b0b
                          • Opcode Fuzzy Hash: 72b96a4842e01d3b19c37d29bd6070caca7da94282854eeefea9bdeeba8c96cb
                          • Instruction Fuzzy Hash: C1E06531244380AAEB315B78A909BD93F55AB02335F088219F7F9540D5C7764240DB11
                          Function 0102162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
                          Download Yara Rule
                          APIs
                          • GetCurrentThread.KERNEL32 ref: 01021634
                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,010211D9), ref: 0102163B
                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,010211D9), ref: 01021648
                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,010211D9), ref: 0102164F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CurrentOpenProcessThreadToken
                          • String ID:
                          • API String ID: 3974789173-0
                          • Opcode ID: 1e51ec227962b63eedc36be0268cf6ce6774e20619723c89ba9527f75ac8142b
                          • Instruction ID: 3156863338a1c52399aef8c244be26271891a64f410ee9b7c87bba6b37bfb90e
                          • Opcode Fuzzy Hash: 1e51ec227962b63eedc36be0268cf6ce6774e20619723c89ba9527f75ac8142b
                          • Instruction Fuzzy Hash: D7E08671602321ABE7701FA49F0DB4B3BBDEF45B91F144848F2C5C9084D6394040C750
                          Function 0101D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                          Download Yara Rule
                          APIs
                          • GetDesktopWindow.USER32 ref: 0101D858
                          • GetDC.USER32(00000000), ref: 0101D862
                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0101D882
                          • ReleaseDC.USER32(?), ref: 0101D8A3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CapsDesktopDeviceReleaseWindow
                          • String ID:
                          • API String ID: 2889604237-0
                          • Opcode ID: 9c4535fa121db15e342185bbb6d2ccb7a22d4e23201f1ebc0cf08d07dfcdd019
                          • Instruction ID: 15bc655d60e8b96ee5da7f22c36bab3f2bacd7c387c8efb1b5a28d87e672d415
                          • Opcode Fuzzy Hash: 9c4535fa121db15e342185bbb6d2ccb7a22d4e23201f1ebc0cf08d07dfcdd019
                          • Instruction Fuzzy Hash: 2EE075B5800305DFDB519FA0960CA6EBBBAEB48711B149459E88AE7248C73D5A41EF60
                          Function 0101D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
                          Download Yara Rule
                          APIs
                          • GetDesktopWindow.USER32 ref: 0101D86C
                          • GetDC.USER32(00000000), ref: 0101D876
                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0101D882
                          • ReleaseDC.USER32(?), ref: 0101D8A3
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CapsDesktopDeviceReleaseWindow
                          • String ID:
                          • API String ID: 2889604237-0
                          • Opcode ID: b0555acbffb9704454f755d726630b6d7756ac5a0f549585164f7bed5d4d652a
                          • Instruction ID: 51bd1eaeaf72a3cddfd219a381250ad2eaa6c50df360bc5e162ab0302453b3ca
                          • Opcode Fuzzy Hash: b0555acbffb9704454f755d726630b6d7756ac5a0f549585164f7bed5d4d652a
                          • Instruction Fuzzy Hash: 4DE09A75800305DFDF619FA0D60C66EBBB9FB48711B149449F98AE7244C73D6A01EF60
                          Function 01034D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC7620: _wcslen.LIBCMT ref: 00FC7625
                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 01034ED4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Connection_wcslen
                          • String ID: *$LPT
                          • API String ID: 1725874428-3443410124
                          • Opcode ID: 57ae428b2a68c0f6e25a1630b53183563887973bc0a155a006cd9ac0b8c2217c
                          • Instruction ID: 9e4a14efe0b6cd8b61fa12fe0e552a471dc1c933236c38d8aaa83225324a7678
                          • Opcode Fuzzy Hash: 57ae428b2a68c0f6e25a1630b53183563887973bc0a155a006cd9ac0b8c2217c
                          • Instruction Fuzzy Hash: 04918075A042049FDB54DF58C985EAABBF5AF84304F1880DDE84A9F362C735EE85CB90
                          Function 00FEE27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                          Download Yara Rule
                          APIs
                          • __startOneArgErrorHandling.LIBCMT ref: 00FEE30D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ErrorHandling__start
                          • String ID: pow
                          • API String ID: 3213639722-2276729525
                          • Opcode ID: 47724aa1c1fdffc776c215996fe294be900f83be8ca12d6087e66c47f299c9dc
                          • Instruction ID: 1ddb1af5322fb23a6bce1e37a10ecda1969eb4e980617507546ed0e4466336db
                          • Opcode Fuzzy Hash: 47724aa1c1fdffc776c215996fe294be900f83be8ca12d6087e66c47f299c9dc
                          • Instruction Fuzzy Hash: 8C517B71E0C34A96CB217B15DD013BEBB94AF40760F304969E1D5822FDEB398C95BB46
                          Function 00FDE187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID:
                          • String ID: #
                          • API String ID: 0-1885708031
                          • Opcode ID: f45562dfcf8fe15be206995c4b3c7fc23444ddbfef288f1c49212406896ba117
                          • Instruction ID: 60e231c61417d205b777ea0a363f523e4493360f597326640877587207e16bf3
                          • Opcode Fuzzy Hash: f45562dfcf8fe15be206995c4b3c7fc23444ddbfef288f1c49212406896ba117
                          • Instruction Fuzzy Hash: 3A514735900246DFEB16EF28C881AFE7BE5FF55320F28405AEC919B2C4D6389D42D750
                          Function 00FDF291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                          Download Yara Rule
                          APIs
                          • Sleep.KERNEL32(00000000), ref: 00FDF2A2
                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 00FDF2BB
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: GlobalMemorySleepStatus
                          • String ID: @
                          • API String ID: 2783356886-2766056989
                          • Opcode ID: 8e47e6b51d5272b6399c29aad1a824b49db464f11ae452f7d52c774c214f65f2
                          • Instruction ID: 84d1cf6604af647f4f7511df386aab529ccf9db8e751df33870c4c7772703f95
                          • Opcode Fuzzy Hash: 8e47e6b51d5272b6399c29aad1a824b49db464f11ae452f7d52c774c214f65f2
                          • Instruction Fuzzy Hash: 705145719087459BD320AF10DD86BAFBBFCFB84300F81885DF1D942195EB758529CBA6
                          Function 01045745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                          Download Yara Rule
                          APIs
                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 010457E0
                          • _wcslen.LIBCMT ref: 010457EC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: BuffCharUpper_wcslen
                          • String ID: CALLARGARRAY
                          • API String ID: 157775604-1150593374
                          • Opcode ID: c688cec6426239c4248df58cc2f1bef6e2f725716be1ddd91bc49ee7df3a5aac
                          • Instruction ID: 7e90b540e21a4f9c8b9b890081438c9dec5d17a151cb1233e7c4bd126e19839e
                          • Opcode Fuzzy Hash: c688cec6426239c4248df58cc2f1bef6e2f725716be1ddd91bc49ee7df3a5aac
                          • Instruction Fuzzy Hash: ED41C171E002099FDB04EFA8CC81DAEBBF5FF59320F24406DE545A7292EB349981CB90
                          Function 0103D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
                          Download Yara Rule
                          APIs
                          • _wcslen.LIBCMT ref: 0103D130
                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0103D13A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CrackInternet_wcslen
                          • String ID: |
                          • API String ID: 596671847-2343686810
                          • Opcode ID: a7eae823f96ab16de34f172c191b1b04c70f78d5b38685c683d60c66ecfd3043
                          • Instruction ID: a225bb67ae1237cbd97527c5bc1f32956697b400263118e58025ac8b06743ea7
                          • Opcode Fuzzy Hash: a7eae823f96ab16de34f172c191b1b04c70f78d5b38685c683d60c66ecfd3043
                          • Instruction Fuzzy Hash: BB315B71D0020AABDF15EFA5CD85EEEBFB9FF04300F000059F815A6162E735AA16DB64
                          Function 0105356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
                          Download Yara Rule
                          APIs
                          • DestroyWindow.USER32(?,?,?,?), ref: 01053621
                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0105365C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$DestroyMove
                          • String ID: static
                          • API String ID: 2139405536-2160076837
                          • Opcode ID: fe7b1be5cecd50ebe17ab5b62b9542adc5293e5cef74f0814f2b64a8600414db
                          • Instruction ID: 4adc91bc32dfacbfd1d744c85ef9336eaa3f5003585661819fc8093083b74245
                          • Opcode Fuzzy Hash: fe7b1be5cecd50ebe17ab5b62b9542adc5293e5cef74f0814f2b64a8600414db
                          • Instruction Fuzzy Hash: AC319C71100204AEEB609F28DC80FFB73A9FF88764F00961DFDA5DB280DA35A881D760
                          Function 01054537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0105461F
                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01054634
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID: '
                          • API String ID: 3850602802-1997036262
                          • Opcode ID: 123cfb7bb9f4d5ffd276a281955c4793b2fafb7e8ea73a703c51868e2192af7a
                          • Instruction ID: 56bd8f6c4b85106946d9d294c8196892faa71d758ea697d5f884e1aa182eabea
                          • Opcode Fuzzy Hash: 123cfb7bb9f4d5ffd276a281955c4793b2fafb7e8ea73a703c51868e2192af7a
                          • Instruction Fuzzy Hash: C3311774A0120AAFDB54CF69C990BDA7BB5FB49304F104069EE44EB342E771A981CF90
                          Function 010531EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0105327C
                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01053287
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID: Combobox
                          • API String ID: 3850602802-2096851135
                          • Opcode ID: 9fa5a79bd3268555ed6eb49c26403ff8b633f4eb113b458f56930169d09b8fc4
                          • Instruction ID: e0b075fbc0b67f98ddd3a3e392f306492e28c87e6aa9065ee36007dcbca4a28f
                          • Opcode Fuzzy Hash: 9fa5a79bd3268555ed6eb49c26403ff8b633f4eb113b458f56930169d09b8fc4
                          • Instruction Fuzzy Hash: F011D3713046096FFFA29E58DC80EBB379AFB483E4F104128F9949B291D6359C51C760
                          Function 01053710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FC604C
                            • Part of subcall function 00FC600E: GetStockObject.GDI32(00000011), ref: 00FC6060
                            • Part of subcall function 00FC600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FC606A
                          • GetWindowRect.USER32(00000000,?), ref: 0105377A
                          • GetSysColor.USER32(00000012), ref: 01053794
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                          • String ID: static
                          • API String ID: 1983116058-2160076837
                          • Opcode ID: 844d6ad5b1c8cbf3f848e72dd41343fac47ecd3acf73530b3d1d9fbad84ddd63
                          • Instruction ID: 9d6903e199f3e38eeae655cb1b7349c318d13b587e466e990d81ac697b2079f8
                          • Opcode Fuzzy Hash: 844d6ad5b1c8cbf3f848e72dd41343fac47ecd3acf73530b3d1d9fbad84ddd63
                          • Instruction Fuzzy Hash: 5C111472A1020AAFEB51DFA8CD45AEB7BF8FB08354F004919FD95E6240E735E8519B60
                          Function 0103CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
                          Download Yara Rule
                          APIs
                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0103CD7D
                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0103CDA6
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Internet$OpenOption
                          • String ID: <local>
                          • API String ID: 942729171-4266983199
                          • Opcode ID: 877c53072525ebb01a1cc2c56e492c645359ecede46d5acbb51ebcb8fdced824
                          • Instruction ID: 7d31d5bda6ea4cc715ac8b96465062ee388f3c8180b2d8e793d225095acce127
                          • Opcode Fuzzy Hash: 877c53072525ebb01a1cc2c56e492c645359ecede46d5acbb51ebcb8fdced824
                          • Instruction Fuzzy Hash: 821106752056357AE7746A6A8D4CEE7BEACEF826A4F00421BB189E3080D7749440C6F0
                          Function 01053429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetWindowTextLengthW.USER32(00000000), ref: 010534AB
                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 010534BA
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LengthMessageSendTextWindow
                          • String ID: edit
                          • API String ID: 2978978980-2167791130
                          • Opcode ID: fe484f55ae5fd69bdccaf423cb6c30460fca1a813c9fd458d6aa4617c8e7ec49
                          • Instruction ID: d000aacf263fb67dea5b2c890bbdc0862d54ed6ff5792826728276958d8abeb4
                          • Opcode Fuzzy Hash: fe484f55ae5fd69bdccaf423cb6c30460fca1a813c9fd458d6aa4617c8e7ec49
                          • Instruction Fuzzy Hash: 2E116075100204ABEFA24E68DC44AAB3BAAFB053B4F504714FDA19B1D4CB75EC919B50
                          Function 01026C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                          • CharUpperBuffW.USER32(?,?,?), ref: 01026CB6
                          • _wcslen.LIBCMT ref: 01026CC2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen$BuffCharUpper
                          • String ID: STOP
                          • API String ID: 1256254125-2411985666
                          • Opcode ID: ea4f1e708ff5fa52a6ea553c3a78ab45ba8fcf6c736be6e73f35052baf5f1ee0
                          • Instruction ID: 6cd907147fe7b0e6cd9d67e4565e7db9f5cf4a4a67284764b4a04f7d8a29709c
                          • Opcode Fuzzy Hash: ea4f1e708ff5fa52a6ea553c3a78ab45ba8fcf6c736be6e73f35052baf5f1ee0
                          • Instruction Fuzzy Hash: FE010032E0453B8BCB21BEBDCC819BF37E5EB51710B500568ECA293182EA37E540C650
                          Function 01021CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 01021D4C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassMessageNameSend_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 624084870-1403004172
                          • Opcode ID: f4cb2c35526f74d420271be935e411be3591bcb7a3e2cb7b59128b1145ff2c66
                          • Instruction ID: 85538b4ba73f47aa759c7ef6d396e449cfba4d242c7ac5804e56ba3774070cf8
                          • Opcode Fuzzy Hash: f4cb2c35526f74d420271be935e411be3591bcb7a3e2cb7b59128b1145ff2c66
                          • Instruction Fuzzy Hash: F801243160423AABDB08FFA4CD15EFE77A8FB16350B00061DE8B25B2C0EA7458088760
                          Function 01021BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 01021C46
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassMessageNameSend_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 624084870-1403004172
                          • Opcode ID: 548d0a026023daebc0a96359b998934c5406b339d95409f8f1c326ea96ad939b
                          • Instruction ID: 4a9427492305424466535668c068654922339b6e993bd600b93aa64a40eee678
                          • Opcode Fuzzy Hash: 548d0a026023daebc0a96359b998934c5406b339d95409f8f1c326ea96ad939b
                          • Instruction Fuzzy Hash: 2E01F77564412D76DB04FB90CE56EFF77E89B15340F60001DE596772C1EA74AA0C87B1
                          Function 01021C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 01021CC8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassMessageNameSend_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 624084870-1403004172
                          • Opcode ID: 7261e9d0aaf923fccc2e69a3751d78fa0b0873e1464d5cac7f0726eec7eae58c
                          • Instruction ID: 6fda4b11eb6a781259c2bd7a93a52e8657367168d0510fafc3e3b1adef84eac1
                          • Opcode Fuzzy Hash: 7261e9d0aaf923fccc2e69a3751d78fa0b0873e1464d5cac7f0726eec7eae58c
                          • Instruction Fuzzy Hash: 9C01F77560412D66DB04FB95CF16EFF77E89B21340F200029E88167281EA749A0886B1
                          Function 01021D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FC9CB3: _wcslen.LIBCMT ref: 00FC9CBD
                            • Part of subcall function 01023CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01023CCA
                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 01021DD3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ClassMessageNameSend_wcslen
                          • String ID: ComboBox$ListBox
                          • API String ID: 624084870-1403004172
                          • Opcode ID: 8877745b7404110bda3b5a2530d1c54b34712176ed01b0d0148163ed82347b35
                          • Instruction ID: 1e82599e2a0345f3890bba8069ba4271c2284b8e903c815e28248f0b934d3531
                          • Opcode Fuzzy Hash: 8877745b7404110bda3b5a2530d1c54b34712176ed01b0d0148163ed82347b35
                          • Instruction Fuzzy Hash: 6FF0F471A4422AA6DB14FBA4CD56FFF77A8AB15340F440919F8A2672C1DAB459088660
                          Function 0104747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: _wcslen
                          • String ID: 3, 3, 16, 1
                          • API String ID: 176396367-3042988571
                          • Opcode ID: dc23df5a3aa6533c9e9364ab113377e5e84a3b8e1905228795ad6af18806660a
                          • Instruction ID: 5fa4a54618d0c90ddaa0a6c84d4af2a447515d26ad0afad629481e97e073c280
                          • Opcode Fuzzy Hash: dc23df5a3aa6533c9e9364ab113377e5e84a3b8e1905228795ad6af18806660a
                          • Instruction Fuzzy Hash: 9BE0E582201260119271227A9CC197F7AC9CFC9650710187EFAC1D226BEF98DD9193A1
                          Function 01020B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                          Download Yara Rule
                          APIs
                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 01020B23
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Message
                          • String ID: AutoIt$Error allocating memory.
                          • API String ID: 2030045667-4017498283
                          • Opcode ID: e03cdc6845bcc0fd9b215db7715d8df515be8ef134f61c0454559b2b58809246
                          • Instruction ID: 132fd5660598f2e06f188c1892db140ad443d2bd37211c9d47ea4369ec2f04e1
                          • Opcode Fuzzy Hash: e03cdc6845bcc0fd9b215db7715d8df515be8ef134f61c0454559b2b58809246
                          • Instruction Fuzzy Hash: 37E0D8322483183AE32436957D07F8A7F99CF05F50F10046FFBD4995C38ADA245056A9
                          Function 00FE0D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00FDF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FE0D71,?,?,?,00FC100A), ref: 00FDF7CE
                          • IsDebuggerPresent.KERNEL32(?,?,?,00FC100A), ref: 00FE0D75
                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FC100A), ref: 00FE0D84
                          Strings
                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FE0D7F
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                          • API String ID: 55579361-631824599
                          • Opcode ID: 92f6a3014a5e69148d917280b7cad7180f90a0c1e9f653f24b9c9bb79a3b483c
                          • Instruction ID: 854a77d4cbf756e132a794ce2e77fd408b379fa165dc1c8dfe8cc6a09df2b012
                          • Opcode Fuzzy Hash: 92f6a3014a5e69148d917280b7cad7180f90a0c1e9f653f24b9c9bb79a3b483c
                          • Instruction Fuzzy Hash: 82E06D702003428BE3709FB9D9047477BE4AB00B44F04892DE8C6C7649DFF9E484EBA1
                          Function 01033017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                          Download Yara Rule
                          APIs
                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0103302F
                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 01033044
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: Temp$FileNamePath
                          • String ID: aut
                          • API String ID: 3285503233-3010740371
                          • Opcode ID: db54db0deb40060f6351e5eef9913fe7100a0ec347ec2db07230211fffc2d911
                          • Instruction ID: f800613fce6b01a7c2a6997e20b75fca0c1d7660673eda02de417f03809dfac5
                          • Opcode Fuzzy Hash: db54db0deb40060f6351e5eef9913fe7100a0ec347ec2db07230211fffc2d911
                          • Instruction Fuzzy Hash: 82D05E7250032867EF30A6A5AD4EFCB7A6CDB04690F0002A1B6D9D6085EAB59984CBD0
                          Function 0101D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON
                          Download Yara Rule
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: LocalTime
                          • String ID: %.3d$X64
                          • API String ID: 481472006-1077770165
                          • Opcode ID: 3595ebcdc7a68bba01fb36bd9c25862bcd1cd98fe8d409000044f89b3381712a
                          • Instruction ID: fa9f08f8cc9e98da81bbfea1be00e0d5d7a2ccf45b4abf387c66e2ebdaa68063
                          • Opcode Fuzzy Hash: 3595ebcdc7a68bba01fb36bd9c25862bcd1cd98fe8d409000044f89b3381712a
                          • Instruction Fuzzy Hash: 6FD01271808219E9CB50A6D0CC4D9FEB37CEB69251F448453F996D2008D62CD5085761
                          Function 01052322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                          Download Yara Rule
                          APIs
                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0105232C
                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0105233F
                            • Part of subcall function 0102E97B: Sleep.KERNEL32 ref: 0102E9F3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FindMessagePostSleepWindow
                          • String ID: Shell_TrayWnd
                          • API String ID: 529655941-2988720461
                          • Opcode ID: 6db72e1baf530caadacc3ea799ed8ef1bd4425b0ca4da90b6e9c73d0d18620ee
                          • Instruction ID: 81b893d32ef10140d9a8b9c75513a6d08fccadaa3d1d9d654dcaf9978acf7e27
                          • Opcode Fuzzy Hash: 6db72e1baf530caadacc3ea799ed8ef1bd4425b0ca4da90b6e9c73d0d18620ee
                          • Instruction Fuzzy Hash: E8D0A932394310B6E374B270DD1EFC7BA08AB00B00F000906B2C5AA2C4C8B5A8008B50
                          Function 01052356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                          Download Yara Rule
                          APIs
                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0105236C
                          • PostMessageW.USER32(00000000), ref: 01052373
                            • Part of subcall function 0102E97B: Sleep.KERNEL32 ref: 0102E9F3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: FindMessagePostSleepWindow
                          • String ID: Shell_TrayWnd
                          • API String ID: 529655941-2988720461
                          • Opcode ID: 376280607c2b6ee463006deaea618ce65da1ae88e63c3a40af0ede45162886ae
                          • Instruction ID: cb789051877291da15be4da0751e92d6abb9d11aff9a773c79edf04c1cfa7cc3
                          • Opcode Fuzzy Hash: 376280607c2b6ee463006deaea618ce65da1ae88e63c3a40af0ede45162886ae
                          • Instruction Fuzzy Hash: 9DD0A9323C03107AF374B270DD0EFC7B608AB04B00F000906B2C1AA2C4C8B5A8008B54
                          Function 00FFBDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                          Download Yara Rule
                          APIs
                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00FFBE93
                          • GetLastError.KERNEL32 ref: 00FFBEA1
                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FFBEFC
                          Memory Dump Source
                          • Source File: 00000000.00000002.3007817299.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                          • Associated: 00000000.00000002.3007798880.0000000000FC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.000000000105C000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007876120.0000000001082000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007924542.000000000108C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.3007948280.0000000001094000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                          Similarity
                          • API ID: ByteCharMultiWide$ErrorLast
                          • String ID:
                          • API String ID: 1717984340-0
                          • Opcode ID: 074daf692e9f5b5270e59c5a61d1b43ee77bb4cef407082c4b3ff00e54046dcf
                          • Instruction ID: 3820e9930ccfaf98ed5b3abba6279468c2a5e13fd75a1f329e3a027032420541
                          • Opcode Fuzzy Hash: 074daf692e9f5b5270e59c5a61d1b43ee77bb4cef407082c4b3ff00e54046dcf
                          • Instruction Fuzzy Hash: 6A41E635A0424AAFDF218FA5CC44BBA7BA9EF41730F144169FA59971F1DB318D00EB60